Nearly 38,000 customers are being contacted by Glasgow City Council after the loss of two laptop computers late last month led to a data breach. Of the two computers, one contained the sensitive information. The device was not secured with drive encryption software like AlertBoot, which would have ensured information confidentiality and integrity.
Bank Account Details Exposed
The theft of the laptops took place around May 28, when council offices in Cochrane Street were broken into, but the extent of the damages — in the form of the data breach — was not realized until June 6.
Only one of the laptops contained personal data. More specifically, one laptop had bank account details for 10,382 companies and 6,069 individuals, including “suppliers and people receiving fuel payments and care grants,” according to the BBC. Names and addresses for all 37,835 people were also stored on the laptop.
Password Protection? They’re Like Handcuffs
When I say that password-protection — which is the only data security the laptop at the center of all this brouhaha had at the time of the theft — is like handcuffs, I don’t mean it as a compliment.
Picking handcuffs is relatively easy: here’s a YouTube video. Of course, the trick is learning how to pick the restraints prior to being handcuffed and to have the right tool, in this case a bobby pin. But, otherwise, there isn’t much to it. It’s simple and straightforward. It might be one reason why police prefer quick-ties over handcuffs when binding a suspect’s hands.
And so it is with bypassing password-protection. It depends on the system, of course, but if we’re talking about a Windows machine, the easiest way to bypass passwords on boot-up is to take out the hard disk drive from the machine and connect it to another computer under your control, a computer that either does not have a password or has one that you know.
In the above hardware juggling, the password-protected drive essentially becomes an external drive and accessing it will not trigger its password. For the data thief, the problem of overcoming the password protection is easily solved. Describing the process is actually much harder than going through the motions.
It’s why I constantly tell people that password-protection is a misnomer and anything but. Just because you name it “protection” doesn’t mean that it won’t fail to live up to its name.
If one really wants to protect their data on a laptop or external hard disk drive, the only solution lies in encryption software. It’s about the only thing that will absolve a UK organization, public or private, from the wrath and Monetary Penalty Notice of the ICO, the Information Commissioner.
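One way to check whether a laptop's drives would stay unreadable if removed and attached to another computer, as described above. This is an added example, not part of the original article. It assumes Windows with the built-in BitLocker PowerShell module rather than the AlertBoot product named earlier, and `Get-DriveExposure` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: report, per volume, whether data is protected at rest or
# whether the Windows login password is the only barrier.
# Assumption: the BitLocker module (Get-BitLockerVolume) is available.

function Get-DriveExposure {
    param(
        # Accepts objects shaped like Get-BitLockerVolume output.
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        $reason = $null
        if ("$($Volume.LockStatus)" -eq 'Locked') {
            # A locked volume is encrypted; its details cannot be read
            # until it is unlocked, so it is not counted as exposed.
            $note = 'locked (encrypted, details unavailable)'
        }
        elseif ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $reason = "not fully encrypted: $($Volume.VolumeStatus), " +
                      "$($Volume.EncryptionPercentage)%"
        }
        elseif ("$($Volume.ProtectionStatus)" -ne 'On') {
            # Encrypted but suspended or never activated: the key is stored
            # in the clear on the disk, so moving the drive still exposes data.
            $reason = 'encrypted, but protection is off or suspended'
        }
        else {
            $note = 'protected at rest'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            VolumeType = $Volume.VolumeType
            Exposed    = [bool]$reason
            Detail     = if ($reason) { $reason } else { $note }
        }
    }
}

$report = Get-BitLockerVolume | Get-DriveExposure
$report | Format-Table -AutoSize

# Non-zero exit code so a fleet-management tool can flag the machine.
if ($report | Where-Object Exposed) { exit 1 }
```

A volume that reports `FullyEncrypted` with protection off is flagged as exposed, because the encryption percentage alone does not show whether the key is protected.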