in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

GE Money Alerting Clients About A Data Security Breach. These Guys Act Like Pros, No Matter What

Through no fault of its own (at least, that I can tell of), GE Money has lost a backup tape that was left in storage with Iron Mountain.  One tape, out of a set of nine, is missing from a secure facility at Iron Mountain’s premises, and a search has turned up empty.  Records show that all nine tapes were present when first put into storage.

 

GE Money has filed a notification with the state of New Hampshire, letting the AG’s office know that 1,851 active NH residents’ accounts were affected by the incident.  Approximately 20 residents had Social Security numbers included as part of the data.

 

How was the data protected?  Well, so far, it looks like it was by locking the tapes up; the filing with the AG’s office doesn’t discuss what type of security was in place.  Data encryption by AlertBoot would have helped mitigate fears of a data breach on such an unexpected incident.  And, although it sounds like Iron Mountain’s flub, GE is ultimately legally responsible for the data breach.  Another day, another data breach by a big—although not nameless—corporation.  What’s new, right?

 

Well, GE’s approach to customer notification, that’s what’s new.  I’ve read my share of data breach notification letters to various Attorneys General in numerous states, as well as copies of actual letters sent to affected customers; but this is the first time I’m aware of where the filing by the company is cognizant of how a blanket, mass alert to clients is not the best approach for clients.  Here’s an excerpt from their letter:

“We have begun mailings to affected individuals, informing them of the nature of the incident and whether their account number, SSN, or both was on the tape.  We are providing suggestions on steps they can take to protect themselves (appropriate to the nature of information on the tape)…” [Emphases are mine.]

Granted, the numbers are easier to manage for GE than what TJX had to go through, for example; but plenty of companies have turned the above into something like this:

“We have begun mailings to affected individuals, informing them of the nature of the incident and whether their account number and/or SSN was on the tape.  We can’t be bothered to tailor the information as necessary, unnecessarily scaring our ‘beloved’ clients and potentially making them chase an invisible wild goose and spending inordinate amounts of time on the phone, setting up restrictions on their own financial data—possibly creating a hassle for themselves in the future.  Oh, yeah, we are providing some generic suggestions on steps they can take to protect themselves, since the letters are not tailored in the first place.  The suggestions come free, we won't nickel-and-dime you for it, of course, and are also free from cost for the company, like pointing out that all Americans are given the right to one free credit report per year.  We may also chip in for some credit monitoring programs…”

Except, the above would go through some lawyer/PR department, and include a sentence expressing regret.  Not that anyone believes it.

 

I'd like to give Kudos to GE.  Not that losing stuff is commendable, but acting like a pro ought to be applauded.

 
<Previous Next>

Data Security No Laughing Matter For UK Top Gear Host

Colombian Crisscrosses US To Steal Information From Hotel Computers With No Data Security

Comments

AlertBoot Endpoint Security said:

As many as 100,000 people could be affected by the loss of three backup tapes belonging to the Peninsula

April 14, 2009 2:48 AM
 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.