in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Police Encryption: Detective's Stolen Laptop Triggers Data Breach Notification

The theft of a laptop computer from the King County Sheriff's Office (Seattle, WA) has triggered a data breach involving approximately 2,300 people.  It's the type of data breach that is easily prevented via the judicious use of laptop encryption like AlertBoot Full Disk Encryption.  According to a spokesperson, "there was no malicious intent."

Car Theft

It's the oldest story in the book: computer gets stolen from car.  Or, rather, truck, in this case.  According to komonews.com:
The laptop and a personal hard drive were full of case files, including personal information about thousands of crime victims, suspects, witnesses and even police officers.

The laptop was stolen last March from the backseat of a detective's undercover pickup truck.
It took KSCO nearly three months to notify victims because "they had to figure out who they needed to notify."  Normally, my cynical self would claim that this is hogwash.  Washington state, like most states that have data breach notification laws, allows the dissemination of the breach via public notice (like newspapers, the television channels, etc.) if an organization is left without specific ways of notifying victims.

However, seeing whose data was involved, it stands to reason that notifying them should be done discretely.

Violation of Policy

The detective in question "violated KCSO policy" although it wasn't specified what the policy is.  Is it (1) always using encryption softwarewhen sensitive data is stored on a digital storage device, like a laptop or an external hard drive, (2) not storing any sensitive data on devices that were not issued by the Sheriff's Office, (3) never taking sensitive data outside of the office, or (4) a combination of the above (or even something else)?

It's obvious to me that the type of policy matters.  If it's one of those policies that look good on paper but have zero feasibility, it's hardly fair to the detective at the center of this data breach, isn't it?

Bueller?

According to komonews.com, "this was not the first data loss [the Sheriff's Office] had, but it was the largest."  Sigh.  Well, at least there is this: the KCSO was in the process of deploying encryption software on all department computers (60% of them encrypted at the time of the theft).  Obviously, the stolen computer was not cryptographically protected.

Seeing how three months have passed since then, one can only expect that that figure is now at 100%.

An easier approach may have been the use of AlertBoot FDE.  Because the deployment process occurs over the Internet, any computer that required encryption could have been protected from any internet hotspot.  The usual logistics of having to bring in the laptop to the IT department, dropping it off, and picking it up would have been superfluous.
Related Articles and Sites:
http://www.databreaches.net/?p=27980
http://www.komonews.com/news/local/Stolen-sheriffs-office-laptop-puts-thousand-at-risk-of-identity-theft-212860341.html

 

 
<Previous Next>

Mobile Data Security: Design School Graduate Releases "NSA-Proof" Font

Netherlands Encryption: Dutch Government Proposes Stricter Data Breach Notification Law

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.