British Sky Broadcasting (BSkyB), a satellite subscription television service operating in the UK and Ireland, has alerted employees that consulting firm Deloitte has lost a laptop containing the pension information of BSkyB staff.  It sounds like the contents were encrypted using a service similar to file encryption offered by AlertBoot managed encryption solutions, so there’s a good chance that this won’t result in an information leak, even if it is considered a data breach by certain standards.

According to an article by comptuting.co.uk (link found below), the computer was stolen from a public space, and the stolen information includes names, dates of birth, and salary figures.  Bank details and addresses were not included.

The computer was lost when the bag containing it was stolen.  It has been emphasized that the bag was not a laptop bag, so it’s very unlikely that the objective was the laptop or its data.  Of course, just because this was not a targeted theft doesn’t mean that, if the computer is accessed, it can’t lead to identity theft or other forms of fraud.  With more and more people becoming aware of the value of the data in such devices, random acts of larceny can lead to bigger headaches than lost equipment for a company.

However, the good news is that the sensitive information was protected with the use of encryption software.  Content encryption is a very effective method of preventing people from accessing data that ought to remain confidential.  There is, however, something of a caveat in the BSkyB announcement.  It had stated that “most of the information” was encrypted.

It’s not apparent whether this means that most of the information on the laptop was encrypted or whether most of the sensitive information was encrypted.  One would hope that it’s the former, since the latter means there’s still a chance of an information leak.  When it comes to a laptop, I tend to recommend that people opt to use hard drive encryption along with other security measures.

The use of hard drive encryption ensures that everything on that laptop computer is protected.  In fact, the use of hard drive encryption by AlertBoot pretty much prevents your computer from booting up unless the correct username and password is provided.  Without the right credentials, the thief essentially has a brick in his hands, unless he decides to wipe the computer’s contents and re-install an operating system.  But the prior data is still inaccessible at that point.

This is different from the username and password you are prompted for when booting up your Windows machine.  That particular prompt can be easily bypassed, and information on your computer can be accessed in a matter of minutes.

Related Articles:

http://www.computing.co.uk/computing/news/2227846/bskyb-employee-stolen