With the propagation of all things Apple, it was just a matter of time before the iPad was at the center of a data breach, especially since the letter-sized device has been very popular in business settings. Turning on password-protection – which automatically turns iPads and iPhones into secure and inaccessible encrypted devices – should be compulsory if such devices are used in the workplace (and the use of mobile device management solutions like AlertBoot Mobile Security would ensure that it is used).
Of course, that doesn’t prevent an organization from sending out a data breach notice if they choose to do so.
Vehicle at the Root of the Data Breach
According to a data breach notification letter by the South Central Los Angeles Regional Center (SCLARC), an employee’s vehicle was stolen on July 6, 2013.
A car at the center of a data breach. What’s new? Well, that the device at the center of the breach is not a laptop but an iPad. It’s the first case that I’ve run across where a computer has taken a backseat to a mobile device, and I think we can pretty much assume that we’ll see more and more cases of such data breaches in the future.
The notification letter noted that inside the car was the employee’s iPad which had password protection turned on. Despite this security measure, SCLARC noted that “should the thieves be able to break through the password protection, they may be able to retrieve your name and UCI#.” What are the odds that they would?
Well, it depends. I noted last week that researcher had built a PIN-cracking robot. Assuming that the iPad was secured with a 4-number combination, it would take less than 24 hours for this robot to crack the password. Assuming that the password was longer, who knows?
But I also know this: it’s not just OK for you to use a password. If you really want to ensure that the device remains secure after it’s been stolen or lost, you’ve got to turn the auto-wipe setting: One of the settings in all Apple mobile devices is to “erase all data” if the wrong password is entered 10 times in a row. (Incidentally, this is different from the “remote wipe” functionality that is found in AlertBoot Mobile Security, where the data can be deleted remotely).