in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption: Towers Watson Information Breach The Next Colt Express?

databreaches.net has noted that a third entity has reported a data breach related to two DVDs missing from Towers Watson, and is wondering whether this is the next Colt Express situation.  If you'll recall, Colt Express suffered a break-in, and computers with sensitive information--which were not protected with disk encryption software like AlertBoot--were stolen, a disastrous event for a benefits administration company.

Eventually, Colt Express's breach went to affect companies such as Google, CNet, CA (Computer Associates), and others.

Towers Watson - 3 Affected So Far

The entities affected so far by the Towers Watson breach (well, the ones that went public):

  • Lorillard Tobacco: 2700 people, at least, per my reasoning
  • General Agencies Welfare Benefits Program:1874 people
  • City of Charlotte, NC: 5200 people

Towers Watson was, at least in the cases reported so far, also in charge of benefits administration, so therein lies the parallel to Colt Express.  But, that's also where the parallels end as well. 

TW is a company with a physical presence around the globe; Colt Express was filing bankruptcy proceedings at the time of the breach.  Colt Express suffered a break-in; TW lost two DVDs that were sent as part of a shipment.  Colt Express, it could be argued, didn't have control over the breach, whereas TW did.

Accidents: Unintentional but Preventable

TW sent that DVD unencrypted, despite knowing that the information contained within was sensitive in nature.  Of course, the breach itself is an accident.  However, it behooves us to explore that word a bit.  Is this an accident in the sense that "it was not preventable" or in sense that "we never meant for it to happen?"

Clearly, it's the latter.  There was nothing unpreventable about the breach itself.  As a business that deals with sensitive information all the time, Towers Watson probably knew of the need for securing that data, and has no doubt used encryption software in the past for similar situations where DVDs had to be mailed (otherwise, I would have to point out that the breach was just waiting to happen).

So, while I can appreciate the fact that this was an unintentional breach (very rare to find an intentional one, actually), I think that many would find it hard not to blame the company.  Or, more specifically, that one employee that either forgot or forwent the use of data encryption.


Related Articles and Sites:
http://www.databreaches.net/?p=11855
http://www.charlotteobserver.com/2010/05/26/1459410/some-charlotte-workers-personal.html

 
<Previous Next>

iPhone Encryption Is For Naught Under Linux

Laptop Encryption Software: Cincinnati Children's Hospital Breach Affects 61,000 Records

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.