Council bosses at Leicester City have announced the loss, or possibly the theft, of a computer memory stick that held sensitive information of 80 babies and their families. The personal information included names, addresses, dates of birth, and telephone numbers. The USB memory stick was last seen in a nursery that was run by the city council. The use of disk encryption software like AlertBoot would have prevented the council from offering some drastic amends to the latest data breach in the UK.
According to an article at SC Magazine, the parents or caretakers of the children affected by the breach will be given help on how to change phone numbers, which is pretty easy, or “in extreme circumstances, will even be offered help changing address.”
That latter part must mean that the council will help families relocate. That’s kinda extreme, no? While I’m not sure what kind of circumstances could possibly lead to a move (perhaps, a single mother who’s trying to get away from an abusive relationship?), I assume that a move would require more than moving next door, or even down the street. Perhaps the next county over. Possibly a different city.
That above cannot be cheap. If you’re a cynic, like I am, you may believe the above offer was made because the council doesn’t think it will come to pass; at the same time, it sends a strong message that they’ll accept responsibility for this latest fracas, hopefully diverting from their way some of the criticism and vitriol that is bound to be tossed around.
If the council wanted to be seen as being responsible, though, they would have invested in data security solutions, like hard drive encryption software for computers or file encryption software for content protection. Both types of encryption, despite their names, work when it comes to USB memory sticks; USB disk data security need not be hard to deploy.
The question, though, in this very specific case, is whether the loss of the flash drive is worth the hubbub. Names, addresses, dates of birth, and telephone numbers are not exactly sensitive information. As plenty of people will point out, such information is sold and purchased by reputable companies, and most of the lost information is available in telephone books.
On the other hand, there is the additional information that these children, and their caretakers, were using the facilities run by the council. I guess it would just be one step to call the parents and phish some information out of them: “Hi, my name is so-and-so at the nursery. Your child’s records are being updated, and we’re missing some information. We’re sending a form to your address on file…etc.”
How many would not fall for the scam in a similar situation if they hadn’t know about the breach? Not many, probably. To begin with, the scammers in the above scenario have information people ordinarily wouldn’t have -- that a particular nursery is being used -- plus, they’re not demanding or collecting the information right away, and people tend to let their guard down in such situations. (Oh? You’re calling to let me know you’re sending a form? How nice! How thoughtful! How professional!)
It seems to me that the council did well by raising the alarm, regardless of how people feel that they “can’t really see what the problem is here.”
Related Articles:http://www.thisisleicestershire.co.uk/news/Children-s-data-lost-nursery/article-474309-detail/article.htmlhttp://www.scmagazineuk.com/USB-stick-containing-childrens-details-lost-in-Leicester/article/121031/