Textron Inc. has filed a letter with the Attorney General of New Hampshire, alerting his office of an employee and customer information data breach that occurred in October. The use of disk encryption software like AlertBoot was not mentioned. According to the letter, fifty-four NH residents were affected. The sample letter to the customers filed with the NH AG, though, contains addenda for MD, NC, VT, and WV residents, so it looks as if the breach covered a wide region. The breach stems from a missing external hard drive. The company has been unable to located it, and has conducted forensic audits to see what type of sensitive information was breached, if any. The audit revealed that customers and current and former employees were affected by the breach, and may have included names, addresses, SSNs, and account numbers. It affects people who have purchased or financed "timeshare intervals" or those who've applied or have "an association with a commercial loan with Textron Financial."
Textron Inc. has filed a letter with the Attorney General of New Hampshire, alerting his office of an employee and customer information data breach that occurred in October. The use of disk encryption software like AlertBoot was not mentioned.
According to the letter, fifty-four NH residents were affected. The sample letter to the customers filed with the NH AG, though, contains addenda for MD, NC, VT, and WV residents, so it looks as if the breach covered a wide region.
The breach stems from a missing external hard drive. The company has been unable to located it, and has conducted forensic audits to see what type of sensitive information was breached, if any.
The audit revealed that customers and current and former employees were affected by the breach, and may have included names, addresses, SSNs, and account numbers. It affects people who have purchased or financed "timeshare intervals" or those who've applied or have "an association with a commercial loan with Textron Financial."
As far as the Textron can tell, the information hasn't been misused--and they believe that the probabilities of such an event are low. The problem is, though, they can't be sure. (That's why they're offering the 12-month credit monitoring and identity theft coverage). Who stole the drive? Why did he steal it? Did he need a hard drive or did he steal it because he thought there was valuable information on the device? These questions are open-ended, and short of a crime happening--think, opening of mortgages under an assumed identity--there's no way to tell what's going to happen. One way to combat such unknowns is via credit monitoring...but, it's far from perfect. To begin with, monitoring, by definition, can't prevent anything. You're stuck with cleaning up after messes incurred from attempts by someone to fraudulently use your information. In fact, when you consider the meaning of the word "prevent," it's obvious something must be done prior to the event you're trying to stop from happening. What can one do beforehand to hardware theft, in order to protect personal and sensitive data? Use encryption to protect it, of course! Once encryption is in place, the loss of hard disks, USB memory sticks, laptop computers, and other digital devices will mean that thieves won't be able to access the information. An ounce of prevention really is worth a pound of cure in this case. Heck, you might say it's worth hundreds of thousands of cures, if you look upon the more notable data breaches that have occurred in the past couple of years.
As far as the Textron can tell, the information hasn't been misused--and they believe that the probabilities of such an event are low.
The problem is, though, they can't be sure. (That's why they're offering the 12-month credit monitoring and identity theft coverage). Who stole the drive? Why did he steal it? Did he need a hard drive or did he steal it because he thought there was valuable information on the device? These questions are open-ended, and short of a crime happening--think, opening of mortgages under an assumed identity--there's no way to tell what's going to happen.
One way to combat such unknowns is via credit monitoring...but, it's far from perfect. To begin with, monitoring, by definition, can't prevent anything. You're stuck with cleaning up after messes incurred from attempts by someone to fraudulently use your information.
In fact, when you consider the meaning of the word "prevent," it's obvious something must be done prior to the event you're trying to stop from happening. What can one do beforehand to hardware theft, in order to protect personal and sensitive data?
Use encryption to protect it, of course! Once encryption is in place, the loss of hard disks, USB memory sticks, laptop computers, and other digital devices will mean that thieves won't be able to access the information.
An ounce of prevention really is worth a pound of cure in this case. Heck, you might say it's worth hundreds of thousands of cures, if you look upon the more notable data breaches that have occurred in the past couple of years.
Related Articles and Sites:http://doj.nh.gov/consumer/pdf/textron2.pdfhttp://www.databreaches.net/?p=8727