A laptop computer has gone missing from the grounds of the Rochester Institute of Technology. While the RIT breach does not affect everyone at RIT, a sizable part of the New York‑based institution’s populace is affected. Anyone who, going as far back as 1968, has applied to enroll at the National Technical Institute for the Deaf is affected (approximately 12,700 people), as well as 1,100 others in the RIT community whose information was being used as part of a control group for some kind of internal study at RIT. While it has not been stated either way, it seems pretty obvious to me that a laptop encryption solution like AlertBoot was not used to secure the contents of the now missing computer. The information that could end up being compromised includes names, dates of birth, and Social Security numbers.
Why do I think this? Well, it seems to me that if they had full disk encryption in place, they would have mentioned it. Since having started covering data security breaches, I’ve only found one instance where it wasn’t mentioned that a lost computer had encryption. In most cases where encryption was used, people make an effort to point it out.
There are several things “wrong” with the RIT case, the presumed lack of encryption notwithstanding. To begin with, it seems they’re using SSNs as identifiers. Many universities are making the switch over to privately generated student ID numbers. This is a direct result of so many universities having been victims of hackers, or of lost or stolen computers holding sensitive information, over the last 24 months.
And while this is an option for RIT going forward, what do you do when your records go back forty years? A university can’t just randomly swap out SSNs with privately generated identifiers. Or can they? In which case, the other question becomes: why is RIT storing these SSNs at all? I mean, it’s kind of unusual, isn’t it? They’re not storing information for students and graduates…they’re storing the information of all applicants. Perhaps they’re enamored of that one line in college applications that asks “have you ever applied for admission to our particular institution in the past?”
Without knowing the details, it’s hard to pass judgment on whether data redaction was a possibility. On the other hand, if data redaction is not a possibility, one would have to argue that RIT was custodian to such information and should have looked into the issue of data security quite seriously. I think it’s safe to say that most college buildings are not bastions of security.
Related Articles:
http://www.rit.edu/news/?v=46283
http://www.democratandchronicle.com/article/20080831/NEWS01/808310356/1002/NEWS