in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Encryption Software: BP Loses Laptop With Oil Spill Victim Info (Updated)

BP, the UK oil company infamous for the Deepwater Horizon accident in the Mexican Gulf, has given "it" to Gulf Coast residents again: a laptop containing SSNs of thousands of oil spill victims has been lost.  The machine was password-protected, but it did not feature data encryption software such as AlertBoot.

Update (30 MAR 2011): The Associated Press mentions that the laptop held a spreadsheet with sensitive information.

Airport Involved?

An employee lost the unencrypted laptop; it is not known how, since BP is declining to reveal that information because of an ongoing investigation.  There are rumors that it was lost during a routine business travel (per computerworld.com.  It wouldn't surprise me.  A lot of laptops go missing at airports.  A good percentage of them are stolen.  Sometimes there's a mix up).

This latest corporate data breach incident will affect 13,000 people, individuals who have filed claims with the energy giant per the deepwater oil drilling fiasco from last year.  The lost laptop contained names, SSNs, addresses, phone numbers, and dates of birth.  I've got to wonder why SSNs were collected.  I'm sure there must have been a good reason for it, though (maybe for reporting to the IRS?) seeing how many lawyers the company must have hired in the last year.

Why No Encryption Software?

BP noted that the laptop was password-protected but not encrypted.  As you can read from the preceding link, password-protection doesn't even come to close what encryption can do when it comes to data protection.

Indeed, when you think about how easy it is to overcome password-protection, it makes you wonder: is it protecting the computer from you, the user?  'Cause it's certainly not protecting the data from laptop thieves, at least not from the ones that are stealing laptops for the data in them.

BP is a global company.  It must have secrets that it guards jealously, such as projections and estimates regarding undrilled oil fields.  You can bet that this information, and research associated with this information, is labeled as "classified" and "secret," and I'm willing to bet that it's stored in encrypted form.

Why wouldn't they do the same for people's information?  I mean, it's not as if they're not familiar with the concept of whole encryption software (this is assumption on my part, but let's face it, no way a Fortune 500 company is unaware of the importance and use of encryption).

It's a shame for so many reasons.  First, had full laptop encryption been used, the information on 13,000 people would be secure--not ifs or buts.  Second, BP would have been granted safe harbor from having to take this second PR fiasco: many of the states surrounding the Gulf of Mexico grant protection if personal information is lost but encrypted.

Florida also has a law on its books.  Alabama is the only Gulf state that doesn't have a data breach notification law, as far as I know (as always, I'm not a lawyer).


Related Articles and Sites:
http://www.foxnews.com/us/2011/03/29/bp-loses-laptop-containing-claimants-personal-information/
http://www.cnn.com/2011/US/03/29/bp.lost.laptop/
http://www.zdnet.co.uk/news/security-threats/2011/03/30/bp-loses-data-from-deepwater-horizon-claimants-40092333/?s_cid=938

 
<Previous Next>

Data Encryption: The FBI Needs Your Help To Crack A Code (And Solve A Murder)

Data Protection: UK National Identity Card Databases Destroyed

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.