TNT. It is explosive stuff. It’s also the name of the courier that has lost a CD with information on approximately one million UK citizens. If I’m not wrong, they were associated with several breaches in the past year as well. For a courier company, they sure appear in the news a lot over losing packages. One wonders how they’re still in business? I mean, granted, delivery by FedEx and UPS doesn’t offer a cherry on top, but at least stuff arrives at their intended destinations…. Anyway, the important thing about this incident is that the potential for a data breach is really low. Encryption was used, as it should have been, to protect the contents of the lost CD, and a round of applause of ought to be given to the guys at the Paisley Emergency Medical Dispatch Centre (EMDC).
According to this article in the Telegraph, the disk contained the records of 894,629 calls to the Paisley EMDC, going as far back as February 2006. The records included patient names, addresses, phone numbers, medical details, or some combinations thereof. However, somebody at the EMDC was not asleep at his (or her) job, and decided to encrypt the contents before sending it via what appears to be the only working courier in the UK.
Due to the events over the past year, members of the government assumed that another data breach had occurred, and were getting ready to do some finger‑pointing and rabble‑rousing, going as far as asking for an emergency statement. However, it was pointed out that the disk was encrypted (and password‑protected…which is like saying that you’ve won the lottery and picked up a quarter. Kudos to you, but twenty‑five cents doesn’t mean much in the overall picture, ya git?), as detailed in the security procedures for data transfers. I assume the procedures were outlined by the government, so everything is A‑OK.
However, some in the government are trying to score points from the situation by lambasting the delay in notification, since it took two weeks for revealing the loss. To these people, I’d like to point out that, at this point, you’re not really concerned with potential data breaches and the security of your constituents. No, rather, you’re indirectly complaining about the terrible service afforded by TNT.
Why do I say this? Because properly executed encryption solutions like AlertBoot make it virtually impossible for data to be accessed—the chances of a data breach are so low it may take decades for a person to crack the security in place, assuming that’s all he does for 24/7. Thus, if the now‑lost disk is encrypted, then it doesn’t matter if the loss is announced today, was announced two weeks ago, or is announced next year—the citizens are no less likely to fall victim than prior to when the disk was sent out. The same principle protects laptops when using full disk encryption.
Unless, of course, the passwords for accessing the encrypted information were also sent in the same package. If so, point all the fingers you want. I’ll join in. I’ll also toss in some derisive laughter for good measure.