Fortune Industries has alerted the NH Attorney General that they've had a data breach. The letter to the AG stated that a laptop with sensitive data was stolen. It did not specify whether hard drive encryption software like AlertBoot was used to protect data, although it noted that the laptop had password protection.
Fortune Industries is a professional employer organization (PEO), meaning it serves as an outsourced HR department to a company. Because they act as the HR department, they deal with personal data all the time. Needless to say, they need to take data security very seriously. And, they probably do.
Fortune, however, did not actually experience the data breach. The computer was stolen from an employee of a service provider to Fortune Industries, KSM Business Services, Inc. (meaning Fortune is an outsourcer as well as an outsourcee).
Research on Google seems to suggest that the third-party company mentioned above is an Indiana-based accounting firm. It's no fly-by-night operation, either, with 270 professionals and staff, according to their website. So, how come encryption software, I assume, was not used?
This is not the first time that I've read or heard of a CPA falling victim to computer theft. And, more often than not, I've also found in such cases that encryption was not used to protect the data on stolen computers.
That's quite alarming, since CPAs tend to hold sensitive data: they have tax IDs, names, and up-to-date addresses. These three alone are enough to steal someone's ID.
When taking into account such past breaches, my guess is that, if KSM did not use disk encryption, it was because they suffered from what everyone suffers from: the "it won't happen to me" syndrome.
Related Articles and Sites:
http://www.databreaches.net/?p=7162
http://www.ksmcpa.com/Content.aspx?a=2&c=2