The Navy's CIO has uploaded a case that could have been one of the worst breaches they've ever had. Thankfully enough, it turned out not to be so dire in the end, with eight individuals possibly being affected. But, even if the numbers had been higher, data encryption software similar to AlertBoot had been used to protect the contents, and any fears of identity theft would have been neutralized.
The breach occurred on July 27, when a Navy building was burglarized:
At least 10 laptops and 9 external hard drives were stolen. One laptop contained a file with approximately 60 system passwords/usernames/secret words along with the link to the related sites; a file that contained personal financial data including bank accounts, investment accounts, credit cards, salaries for myself and my wife, expenses, gifts and overall balance sheet. The file also contained links to the various financial institutions, as well as passwords/usernames/secret words and phone numbers; my entire contact list which included work and personal cell phone numbers, addresses, and personal notes, such as birthdates for friends and family; a file that recorded my lifetime government pay, bonuses, awards, promotions and salary; 'government only' contract sensitive information; discrimination and hostile work environment correspondence and a host of other privacy or sensitive information.
There really was no way to summarize the above any further. As mentioned before, encryption software was used to protect the computers and drives. Some of these were brand new without any information saved on them, so while they did not make use of encryption, it couldn't possibly have any negative consequences (except for the financial hit of having stuff stolen).
Among the lessons learned was that "full disc encryption works" and that unencrypted sensitive information (for example, passwords to sites such as on-line banking portals) should not be stored on computers.
The fact that disk encryption works is not really that surprising. The military should know, having expended an inordinate amount of resources over the decades on encrypting their information as well as decrypting the enemies' encryption. Back in World War II, for example, the use of the Enigma machine by the Germans--and the UK's successful efforts at finally breaking it, although it was a day-by-day fight--has been thoroughly documented and popularized for the general population.
Modern disk encryption is nothing but the same technology doped up to be faster and more secure. And what's more, what the military uses is available to us civilians as well. If you, too, have a laptop or external hard disk with sensitive information (it's not just soldiers and sailors that can access financial accounts on-line, right?), the same encryption programs are available to you as well.
Related Articles and Sites:
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221901402
http://www.chips.navy.mil/archives/09_Oct/web_pages/DON_Privacy.html
http://www.doncio.navy.mil/ContentView.aspx?ID=1423