A shoe boutique in the UK has made an appeal to thieves, asking for the return of an aged notebook computer that was used as a customer database. The main concern in this case doesn’t appear to be data security — which could have been easily resolved by the judicious use of laptop encryption software like AlertBoot — but the fact that the data was not backed up.
Computer Stolen from Busy Store
A 17-inch Toshiba laptop was stolen from Exclusive Footwear, a shoe store based out of Gillygate, York (UK). The laptop computer contained client details for the store’s on-line business. It’s not mentioned what type of details were included, although one assumes that the usual information for client relationship management would be present: names, addresses, phone numbers, email addresses, and possibly dates of birth.
The device had not been backed up for the past three months, meaning that any customer information that had been collected during that time is now lost. And, my understanding of boutiques is that they specialize in particular items and styles, so the loss of three months’ worth of potential business is quite significant (unlike, say, a supermarket, where chances are that the customers will come back again, soon).
The owner has offered a reward for the safe return on the device — or, at least, the hard drive with the client data; although, truth be told, it could take on any type of form: CD, DVD, email attachment, etc. — which is old and distinctively cracked. And heavy, although that’s to be expected from a 17-incher (makes one wonder why anyone would steal it to begin with).
Gone in 15 Minutes
According to the owner, she left the shop in charge of colleague during a busy afternoon. Fifteen minutes later, the colleague noticed that the device had disappeared.
Such thefts are not uncommon. What’s unusual about the case, though, is that someone stole it while there were other people present, and that the device was heavy. I myself own a 17-inch Toshiba, and I can tell you that there is nothing “portable” about this particular notebook computer. It’s about as portable as one of those leather-bound unabridged dictionaries from yore.
Regardless, it just highlights the fact that people are willing to steal anything that’s not fixed to the ground. The case also offers lessons in the importance of backing up data (always recommended — a cloud-based solution might be ticket here) and using encryption software to ensure that sensitive information is not divulged to the wrong people.
The information in this case is not acutely sensitive or personal. However, if the wrong criminals are involved, it could mean more than lost data to Exclusive Footwear.
For example, how are they sure that the thieves don’t have friends who are hackers that will use the email addresses in the client records (admittedly an assumption on my part that these exist in the stolen laptop) for spamming purposes. Not just regular spam, but a socially-engineered spam that leads to a Trojan for further stealing data? After all, the thieves know that all of the people in the database are or have shown interest in being clients of the boutique shop, and can use that to their advantage.
Sometimes, it’s not just sensitive data that needs to be secured, but secondary data that could act as vectors.