While the details are sparse, due to the number of people affected, I get the feeling that Sealaska Corporation may have lost a computer or some other digital device that could have benefited from the use of encryption software like AlertBoot. Why am I postulating this? And if my hypothesis is correct, could data protection solutions like disk encryption or file encryption done anything for the community‑oriented company?
First, my reason for assuming a computer was stolen. The company has announced that there was a data breach of some sort. Like I said before, they’re being sparse with the details, so there’s no way to know whether it was a computer or a pile of documents. However, the company’s offering to sign up all shareholders—over 19,000 of them—to LifeLock, a credit protection service, so it seems to me that that pretty much seals the deal.
Now, it’s not impossible to have 19,000 peoples’ sensitive data printed out. In fact, if you print one name per line with 50 entries per page, you’re looking to about 400 pages or so, depending on what type of margin you use. The size and weight is nearly what you would expect from a laptop. So, in terms of form factor, either one is pretty easy to swipe.
There are more clues, though. According to an article at newsminer.com, Sealaska has stated that they “don’t believe the data was the target of the crime.” Now, the only reason why a pile of documents would disappear would be because of the data printed on them; so, it means that the data that was stolen must have had something else of value associated with it. A computer would seem to fit the bill...or maybe a really expensive briefcase housing the documents.
But! Sealaska has also announced, “[we] believe that unauthorized access to your name, address and Social Security number by the thieves is unlikely.” Can’t be a briefcase, since I don’t know of any briefcases that offer real protection. All signs on my security eight‑ball point to “stolen computer.”
Which brings us to the second point. Would encryption software help in this situation? Of course. Be it full disk encryption (where the entire contents of a hard drive are subjected to encryption) or file encryption (where individual files and their contents are encrypted), data encryption would have given Sealaska’s management the ability to state that they “believe that unauthorized access to your name, address and Social Security number by the thieves is so unlikely ” In fact, there’s a good chance that Sealaska wouldn’t have had to make the announcement at all (but don’t quote me on this. I’m not a lawyer).
I don’t know what type of discount Sealaska must have gotten from LifeLock, if any, but I imagine encryption would have resulted in better cost-savings, too.
A one‑year subscription for LifeLock is $120, or $10 a month. That’s similar to what a solution provider like AlertBoot encryption solutions charges for its services. However, chances are a company like Sealaska doesn’t have 19,000 computers to encrypt, so the overall cost is going to be much (much) lower if it goes with data encryption. Plus, you don’t have to deal with a public relations fallout. For most companies, that’s priceless. If people could stick that into their financial forecast spreadsheets…perhaps then we’d have more people looking into data security.