in

This Blog

Syndication

Tags

AlertBoot Endpoint Security

Tens Of Thousands Of Seniors Affected By Laptop Theft With No Data Encryption

An employee of the Pennsylvania Department of Aging returned from a funeral to find his home burgled.  Among the items missing was his laptop issued by the department which contained information on approximately 21,000 senior citizens.  Information included names, addresses, Social Security numbers, medical information, and recently services on the part of the department.  There was no encryption on the machine, just the customary double‑password.

 

Talk about bad timing.  The Department of Aging was actually in the process of encrypting computers when the burglary took place (all computers are encrypted as of the time of the press release), but the stolen laptop was one of those not yet encrypted.

 

There’s not much to say here.  One of the engineering creeds (that applies to pretty much anything in life) is “you’ve got to start somewhere.”  This is very true with data encryption.  Encrypting takes time and a multitude of resources, from the guys in IT to the people actually working on the machines to be encrypted.  Even easy‑to‑deploy wholedisk encryption solutions like AlertBoot will require some time as well as strategic questions such as, “which computers should be encrypted first?”— a perfectly valid question if you have to manage over 1000 computers.  Heck, it’s a valid one if you have to manage 100 computers.  You’ve got to start somewhere.

 

As for the security aficionados that would claim such information does not belong on laptops, I tend to find that “aging” people are hampered when it comes to mobility.  It’s generally easier for someone to go to the silver‑haired generation.  And as such, field agents do exist for the department—and assuming that wi-fi and other wireless connections are not universally available, which I don’t think it stretches the imagination—all that senior citizen data must reside somewhere with the field agent.  Governments need to step up on their efficiency, so it makes sense some form of a portable computer would be used.  Interestingly enough, due to the fact that wireless connectivity is becoming ubiquitous, the department actually has plans (and is working on) centralizing the required data so that downloads to a laptop won’t be required anymore.

 

This is a department that’s doing many things correctly when it comes to securing sensitive data.  They’re taking on the challenges of the here and now, and also laying the foundation to ensure better data security as technology develops.  It’s just that sometimes, you need a little bit of luck for things to go perfectly.

Published Dec 19 2007, 09:42 PM by sang_lee
Filed under: , , , , , , , ,
 
<Previous Next>

College Entrance Exam Data Security Breach In Japan

Los Alamos National Laboratory: Sometimes Data Security Requires More Than Laptop Encryption

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.