in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption: Lake Ridge Middle School Loses USB Drive (Updated)

(Update, 26 May 2010) Apparently, the USB drive was stolen "from a bag in an administrator's unlocked car in her unlocked garage."  Approximately 1,200 students were affected by the breach.

Lake Ridge Middle School, in Virginia, has sent breach notification letters to students' parents.  According to this letter, a USB thumb drive that contained student information was stolen.  Whether disk encryption similar to AlertBoot was used to protect the contents was not mentioned.

Information Used for Emergency Contact

The information includes student names, their school identification numbers, guardian names, phone numbers, and student bus number (or whether they walked home).  The thumb drive was stolen "off of school property" last week, during a burglary.

One wonders what such information was doing off of school property.  It's been pointed out that the information was used by school admins to "contact parents in the event of an emergency occurring after school hours or under circumstances where the school building might become inaccessible or require evacuation."

It's actually a smart move, and a practice that's been around for decades, although the technology involved is different.  I remember that, when I was a child, my mother would receive calls from school teachers at odd hours in the morning.  They'd call if school was closed because it was snowed in, for example. Based on the hours, it was obvious the teacher was calling from home.  I'm assuming they used notebooks at the time, the kind made of bound tree-material.

That probably contributed towards student information from being breached as well.  I mean, what thief would steal a notebook?  You can't get that kind of security with devices like USB drives, though.  I guess that's why it would have been a smart move to use encryption software on the above stolen thumb drive.

Still Has Potential for Threat

Many might wonder, "is the above reason to be concerned?"  After all, the information doesn't seem too sensitive.  One might learn the above details at, say, Facebook.  I'm sure most parents would agree that it's not the type of information you want strangers to have.  I concur.

The fact is that the above information can still be used to perpetrate a crime.  For example, I've seen recurring reports out of Korea where scammers will telephone parents and claim that they've kidnapped little Johnny.  Little Johnny's actually playing with his friends, but the parents don't know this.

All that the parents know is that the kidnappers know that a) their kid's name, b) the fact that he rides a bus, c) the parent's number, d) that they can't reach their kid, and e) that they have to wire X amount of dollars to some account in the next hour.

Plus, there is the added pressure and problem-compounding threat that the parents "don't notify anyone or the kid gets it."

And then, there's the potential threat that the information can be used for an actual kidnapping: "Hi, Mike! You're Mary Smith's kid, right?  Mary told me to pick you up because of an emergency.  This is your mother's phone number, right?"

USB drive encryption on the now-lost machine would have been highly recommended.


Related Articles and Sites:
http://www.databreaches.net/?p=11774
http://voices.washingtonpost.com/local-breaking-news/virginia/personal-info-stolen-from-midd.html
http://lakeridge.schoolfusion.us/
http://www.wusa9.com/news/local/story.aspx?storyid=101701&catid=188

 
<Previous Next>

Disk Encryption Important, USB Port Control As Important: IBM Hands Out Malware-Ridden USB Drives At Security Conference

Data Encryption and Security Breach Laws in Ireland: Coming Soon?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.