The Canadian federal government paid out $751,750 to approximately 120,000 people who were affected by a data breach on September 2003, when six computers were stolen. The computers contained personal information but were not protected via drive encryption software. Six years for resolution. That must be some kind of record.
The Canadian federal government paid out $751,750 to approximately 120,000 people who were affected by a data breach on September 2003, when six computers were stolen. The computers contained personal information but were not protected via drive encryption software.
Six years for resolution. That must be some kind of record.
The breach occurred at a Laval Tax Services Office. Four laptops and two desktops were stolen. As already mentioned, data protection tools like encryption software were not used to protect the information found on these devices. One of the laptops was used as a server, which is not really unusual, but certainly raises eyebrows when considering the presence of desktops (on the other hand, if the laptops were much recent purchases and more powerful, it would make sense to use one of them as a server, as opposed to an aging desktop...) The thieves broke into the office by smashing a rock through a window. Regarding the theft, a spokesperson had this to say: ... the theft was indeed the result of human error as the main laptop, which held the majority of the stolen information, should have been locked away in a safe room - which it was not I don't know about that. I mean, when thieves are willing to throw rocks around, they're willing to kick down doors as well. Regardless, separating the main laptop/server may have helped the tax authority if the situation was literally a smash and grab. It took about a month for data to be reconstructed and the affected to be notified about the incident. Most of the people affected worked in the construction industry and could have included names, addresses, payments, and business numbers.
The breach occurred at a Laval Tax Services Office. Four laptops and two desktops were stolen. As already mentioned, data protection tools like encryption software were not used to protect the information found on these devices. One of the laptops was used as a server, which is not really unusual, but certainly raises eyebrows when considering the presence of desktops (on the other hand, if the laptops were much recent purchases and more powerful, it would make sense to use one of them as a server, as opposed to an aging desktop...)
The thieves broke into the office by smashing a rock through a window. Regarding the theft, a spokesperson had this to say:
... the theft was indeed the result of human error as the main laptop, which held the majority of the stolen information, should have been locked away in a safe room - which it was not
I don't know about that. I mean, when thieves are willing to throw rocks around, they're willing to kick down doors as well. Regardless, separating the main laptop/server may have helped the tax authority if the situation was literally a smash and grab.
It took about a month for data to be reconstructed and the affected to be notified about the incident. Most of the people affected worked in the construction industry and could have included names, addresses, payments, and business numbers.
The government has decided to settle a class action suit filed by the affected. Of the $750 thousand dollars, 1,401 people will receive $150 and 2,708 people will receive $200. This is meant as compensation for their time spent with credit reporting agencies Equifax or Trans Union. That's only 4,109 people out of 120,000 affected that are being compensated, or roughly 3% of the affected. Most people decided not to join the lawsuit, it looks like.
The government has decided to settle a class action suit filed by the affected. Of the $750 thousand dollars, 1,401 people will receive $150 and 2,708 people will receive $200.
This is meant as compensation for their time spent with credit reporting agencies Equifax or Trans Union. That's only 4,109 people out of 120,000 affected that are being compensated, or roughly 3% of the affected. Most people decided not to join the lawsuit, it looks like.
$750,000 dollars for the theft of 6 computers, or $125,000 per computer. When you consider that managed endpoint encryption like AlertBoot costs less than $14 per month, signing up for data protection would have been cheaper. For example, the settlement money could have provided for 744 years' worth of disk encryption for the 6 computers. Or, put another way, it could have protected 4,400 computers for an entire year.
$750,000 dollars for the theft of 6 computers, or $125,000 per computer. When you consider that managed endpoint encryption like AlertBoot costs less than $14 per month, signing up for data protection would have been cheaper.
For example, the settlement money could have provided for 744 years' worth of disk encryption for the 6 computers. Or, put another way, it could have protected 4,400 computers for an entire year.
Related Articles and Sites:http://www.edmontonsun.com/news/canada/2009/11/07/11668041-sun.htmlhttp://www.itworldcanada.com/news/computer-theft-shakes-revenue-canada/109770