in

This Blog

Syndication

Tags

AlertBoot Endpoint Security

Hard Disk Encryption: Stolen UK Laptop Has Info On 33,000 Students, Doesn't Sound Like An Issue?

A computer containing information on up to 33,000 UK children has been stolen.  The laptop computer employed password-protection, but more powerful forms of information security like hard drive encryption from AlertBoot were not used.

The laptop was stolen from the Wigan Council's Children and Young People's Services (looks to be a government-backed teenage and child support group).  In fact, several laptops were stolen.  Among them was one that held a database, which includes:

"...names, dates of birth, postcodes, ethnicity and, where applicable, details of any special educational needs or eligibility for free school meals."There is also data on achievement in national curriculum assessments, which is the main purpose of the database."

Other than that, it looks like the laptops didn't carry sensitive data.

Data Redaction Is Also One Way of Combating Data Breaches

Would data security products like laptop encryption helped?  Yes, it would have prevented the thief or thieves from accessing the data on the laptop computer.  However, I'd say that the correct question to ask is "was there anything worthwhile to protect?"

On the one hand, data is data, and how much damage one can generate depends not only how sensitive and private the data happens to be, but also on the type of indirect information one can glean from that same data.  For example, if I work for a bank and lose a laptop with a list of customers' names and e-mail addresses only, it doesn't sound like a big deal.

However, any criminal that accesses the laptop would also know that these are the bank's customers, meaning he could carry out a phishing scam, one with a high success rate.  He could possibly get the company letterhead from the laptop itself, for example, to make that scam much more realistic.

So, just because the data doesn't look to be sensitive on the surface doesn't mean there can't or won't be untoward ramifications.  On the other hand, I'm having a hard time imagining how the above information on children could be used criminally.  All I'm drawing is a blank.

Generally, that means that correct data security practices were employed: if sensitive data was not stolen, there was no breach.

Related Articles:
http://www.leighjournal.co.uk/news/4255670.Stolen_laptop_contains_pupils__data/
http://www.databreaches.net/?p=2749

Published Apr 02 2009, 11:01 PM by sang_lee
Filed under: , , , , , , , , , , , , , , , , , , , , ,
 
<Previous Next>

Data Encryption Provision In New Missouri Senate Bill 207 Data Breach Notification Law

Data Security Comment: On Airbus Employee Snooping

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.