AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

UK Data Breach Costs: ICO Hands Out £150k Fine To Welcome Financial Services

The UK's Information Commissioner's Office (ICO) has fined Welcome Financial Services Limited £150,000 for failing to properly secure two backup tapes.  The tapes were not protected with data encryption software like AlertBoot and went missing in November of last year.

26 Formal Complaints

Last year, Welcome announced that around 510,000 customers' names, addresses, phone numbers, dates of birth and loan details were lost, or were presumed to be lost, when the company couldn't locate the backup tapes.  Apparently, 26 people out of the group decided to file a complaint with the ICO.

The half-million figure is a bit misleading, it turns out.  According to credittoday.co.uk:

The tapes, which have never been recovered, contain personal data relating to 1.4 million customers, limited to names and addresses for 800,000 but also including date of birth and payment history for 600,000.

I'm not sure what the discrepancy means but it appears that the data breach could have been greater than reported (as opposed to a breach of sensitive personal data).  Most sites are also quoting the 500k figure, but the ICO's own penalty notification letter confirms the above figures.

My own research had also found that the company had declared bankruptcy (probably common knowledge in the UK), and I was left wondering: if the company were penalized, who'd end up paying?  After all, for all pragmatic purposes, the company didn't exist anymore.

Well, it appears that for the purposes of the fine, the company does exist: the ICO's Monetary Penalty Notice, dated 02 July 2012, names Welcome Financial Services Limited as the data controller.  If the penalty is paid by 31 July 2012, a 20% discount will kick in, reducing the fine by £30,000.

Another detail I've found: the tapes in question were HP LTO-4, and according to HP's own site:

from LTO-4 onwards, secure AES-256 encryption provides even higher levels of data security and compliance with the most stringent industry regulations to prevent unauthorized data access.

From a purely technical perspective, it sounds like encryption could have been used on the backup tapes.  Considering all -- the number of people impacted; the type of information that was breached; the availability of technical safeguards -- it doesn't take a genius to know that the ICO had no choice but to come down hard, especially considering its actions this year.

Related Articles and Sites:
http://www.ico.gov.uk/what_we_cover/taking_action/~/media/documents/library/Data_Protection/Notices/welcome_finance_monetary_penalty_notice_enf0427198.ashx
http://www.out-law.com/en/articles/2012/july/credit-firm-fined-150k-after-losing-personal-data-of-half-a-million-customers/


About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.