in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

German T-Mobile Loses 17 Million Customer Records. The Consequences Of Missing Data Encryption

Germany’s T-Mobile has admitted to a data breach that could affect up to 17 million people.  While the breach had happened in the spring of 2006, T-Mobile hadn’t alerted its customers at that time.  This week’s announcement was prompted by the findings of Der Spiegel magazine, which was able to access the information from unnamed third-party sources.  The use of data encryption like AlertBoot would have prevented this from happening, since the information leak was the result of a lost “storage device.”

 

T-Mobile wasn’t attempting to cover up the data leak.  It had reported the fact to the authorities, and based on what I’ve read so far, they actively continued to monitor whether the potentially compromised data would show up for sale – it didn’t.  At least one site, darkreading.com, is reporting that the storage device was recovered but there was no evidence that the data had been compromised.  Based on these encouraging signs, T-Mobile probably didn’t feel that there was a need to scare its customers.

 

Of course, absence of evidence is not evidence of absence.  The former could mean the latter or it could mean that someone did a shoddy job.  Or that the skills of criminals far outpaced the skills of investigators.  Or that the technology to effectively conduct the necessary forensic analysis does not exist.  Regardless, what is important is that Der Spiegel was able to see the compromised data, consisting of names, addresses, and cell phone numbers, as well as dates of birth or e-mail addresses in certain cases.  Nothing like evidence to dispel any illusions to the contrary.

 

Let’s face it: things go missing all the time, even the really important stuff that shouldn’t.  I recall that the US Air Force had “lost” a couple of nuclear warheads earlier this year, when they thought they were transporting some other kind of missile.  If the plane in question had decided to disappear, those nukes would have been lost for sure.  And this is despite the fact that the Air Force has checks and balances to ensure that such things don’t happen.  And before anyone decides to make a crack about military intelligence being an oxymoron, let me point out that the system has worked successfully for fifty years.  Of course, no data security procedure is going to be as intense as one designed for keeping secure and tracking nuclear arms (nor should it be expected to), so one expects things to go missing much more frequently.

 

On the other hand, it would be a moot point to apply checks and balances designed for weapons of mass destruction on something like a computer disk.  Information storage devices have a great solution for keeping their secrets safe.  It’s called disk encryption, and it’s designed specifically to prevent unauthorized access to the disk’s contents.  Unlike supposed data security solutions like password-protection which may or may not be deter amateur data thieves.

 

I’m not sure if Deutsche Telekom, parent company to T-Mobile, is aware of this, though.  The New York Times notes that security enhancements after the 2006 incident included “stronger passwords and access controls, and the logging of accesses to customer databases.”  That’s great and all, but the above won’t help when a disk goes missing.  It seems like mentioning the implementation of encryption software to ensure content security would have indicated T-mobile’s stronger commitment to customers’ data security.

 

Related Articles:

http://www.darkreading.com/document.asp?doc_id=165280&WT.svl=news2_1

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=210700232

http://www.theregister.co.uk/2008/10/06/t_mobile_records_lost/

http://www.deutschetelekom.com/dtag/cms/content/dt/en/51612;?archivArticleID=572378

http://www.nytimes.com/idg/IDG_852573C400693880002574DA0034AE43.html?ref=technology

 
<Previous Next>

More British Intelligence Gaffs. At Least MI-5 Using Device Encryption

Second Ireland HSE Data Breach: Laptop Encryption Not Used On Another Laptop Theft

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.