A disastrous data breach has been averted by using hard drive encryption software on an Army laptop computer. Had encryption software not been used, it would have meant the potential breach of over 42,000 people.
The Family and Morale, Welfare and Recreation Command (FMWRC) at Fort Belvoir (Virginia) announced that a residential break-in on November 28 has resulted in the loss of a army laptop computer. It contained the information of over 42,000 MWR patrons. The theft itself looks to be a random burglary. What is a MWR? As the name implies, it's a military branch that deals with leisure and support services for military service personnel: golf courses, bowling alleys, fitness centers, etc. I've heard of an instance where DJ'ing equipment was available for loan as well. And, MWR goes where soldiers go. Even if they go war: there's an MWR in Iraq, and will be there as long as US soldiers are present. Of course, they're probably not offering golf courses (although, who knows what crazy stuff Saddam had in his palace?) Here's a question: what's a work computer doing at the home of an employee? I mean, you're not controlling access to a golf course from home. Right? On the other hand, I'm sure there's plenty of paperwork to be done by such an organization. For example, perhaps they have to analyze how often services are used and plan next year's budget accordingly: buy less inflatable tubes for the pool, etc.
The Family and Morale, Welfare and Recreation Command (FMWRC) at Fort Belvoir (Virginia) announced that a residential break-in on November 28 has resulted in the loss of a army laptop computer. It contained the information of over 42,000 MWR patrons. The theft itself looks to be a random burglary.
What is a MWR? As the name implies, it's a military branch that deals with leisure and support services for military service personnel: golf courses, bowling alleys, fitness centers, etc. I've heard of an instance where DJ'ing equipment was available for loan as well. And, MWR goes where soldiers go. Even if they go war: there's an MWR in Iraq, and will be there as long as US soldiers are present. Of course, they're probably not offering golf courses (although, who knows what crazy stuff Saddam had in his palace?)
Here's a question: what's a work computer doing at the home of an employee? I mean, you're not controlling access to a golf course from home. Right?
On the other hand, I'm sure there's plenty of paperwork to be done by such an organization. For example, perhaps they have to analyze how often services are used and plan next year's budget accordingly: buy less inflatable tubes for the pool, etc.
All of this rumination is a moot point, however, because encryption as well as other security measures were used to protect the contents of the stolen laptop. Granted, the Army should investigate whether any protocol was broken; but, seeing how the immediate concern is whether over 40,000 people are at risk of being an identity theft victim--the answer is "no"--the affair is a trifling one. Experts have noted that, with these security measures, "it is unlikely the information on the computer will be compromised...far more likely the hard drive will be removed, discarded, and replaced." I agree with the former, but not with the latter. Why throw away a perfectly good hard drive? My guess is a new operating system will be installed over it (just because a hard disk is encrypted with software like AlertBoot doesn't mean it cannot be zapped and reused).
All of this rumination is a moot point, however, because encryption as well as other security measures were used to protect the contents of the stolen laptop.
Granted, the Army should investigate whether any protocol was broken; but, seeing how the immediate concern is whether over 40,000 people are at risk of being an identity theft victim--the answer is "no"--the affair is a trifling one.
Experts have noted that, with these security measures, "it is unlikely the information on the computer will be compromised...far more likely the hard drive will be removed, discarded, and replaced."
I agree with the former, but not with the latter. Why throw away a perfectly good hard drive? My guess is a new operating system will be installed over it (just because a hard disk is encrypted with software like AlertBoot doesn't mean it cannot be zapped and reused).
Related Articles and Sites:http://www.scmagazineus.com/thief-steals-us-army-laptop-from-employees-home/article/159875/http://www.army.mil/-news/2009/12/16/31955-laptop-containing-personal-information-about-mwr-customers-stolen/