TD Canada Trust is letting customers know that they should be on the lookout for suspicious activity regarding their accounts. Based on what type of information may have been breached, the “accounts” in this case refer to any held with TD as well as other financial institutions. Although not specifically stated, it sounds like data protection tools like AlertBoot full disk encryption were not used. Such software would have gone a long way in protecting customers’ information—beyond what is afforded by credit monitoring services (which is being offered to those affected).
The customer data that could be used for nefarious purposes include “names, addresses, birthdates, social insurance numbers, account numbers, bill payment details, transactions and balances,” according to an article at the Vancouver Sun. This information was residing within the computer equipment that got stolen during a break‑in on June 22. The alarm was triggered, but the thieves made off with the goods anyway. The bank representative declined to specify what type of computer equipment got stolen. I can’t also help but notice that the word “equipment” is both plural and singular—it could have been one external hard drive, a bunch of laptops, a stack of tapes, a USB flash drive, or some combination thereof: there’s just no way to know from what’s reported. Not that this matters in the long run. Information that is not secured via the use of data encryption is infinitely easier to access than encrypted data (and I do mean “infinite” in the literal sense).
I’ve already blogged yesterday how Anheuser‑Busch also was facing something similar in nature, where thieves broke into the brewer’s offices and stole computer equipment (laptops, in their case). When it comes to security, people seem to take solace in the existence of walls and locks on doors.
I mean, those things make the world a little safer for all of us. But that’s only because people respect the implication of “don’t come in.” The protection given to us by doors and locks…it’s more mental than it’s physical, if you really think about it. How many times have you seen people throw down the doors on TV? Did you think to yourself, “pshaw! That’s pure Hollywood!” Of course not. The only thing that really protects you in that case is about an inch of steel, that doorknob‑operated metal thing that inserts itself between the door and the door frame. The size and heft of the door doesn’t matter, generally speaking, impressive as it might be at first glance.
Perhaps the reason why encryption is not so popular is that people make a mental disconnect between what they see and what is real security. Laptop encryption, for example, doesn’t look like anything. It also doesn’t feel like anything, thanks to the advance in CPU speeds. In fact, modern computer encryption is designed to be transparent to the user—they won’t notice that it’s there. Out of sight, out of mind. A good thing, if we’re talking about employee productivity—nobody wants to be bogged down by a slow computer. A bad thing, if people are unaware of what’s actually protecting their data (if there is protection at all).