Thursday, February 21, 2008

Media Puts Data Losers in the Spotlight (While the UK Information Commissioner Puts Companies on Notice)

The media onslaught continues relentlessly against organisations whose employees, or contractors, lose laptops containing sensitive data, especially data of a personal nature. It seems almost every day one company or another is being named and shamed and accused of taking insufficient measures to protect laptop computers in particular.

- Reuters reported on 20 January that Brazilian company Petrobras has confirmed that four laptops have been stolen from a transport container owned by the U.S. oil-field service company Halliburton. Press speculation is that this was a targeted theft by data thieves, eager to get their hands on sensitive data about a major natural gas deposit struck by the company in January.

- The Wall Street Journal is reporting today that German prosecutors say they are investigating the internal theft of confidential client data from Liechtenstein bank Liechtensteinische Landesbank AG, or LLB. Investigators allege the bank, which is the alpine principality's second largest, paid blackmailers millions of euros to try to keep the affair secret.

- And yesterday the Irish Parliament, the Dáil, was briefed about the mugging of an employee of the New York Blood Service in New York on 7 February and the subsequent theft of CDs containing details of 170,000 Irish blood donors. The loss has been described as “sloppy”.

- The San Francisco Chronicle reported on January 17th that a back-up tape belonging to GE Money containing personal credit card information on about 650,000 customers of J.C. Penney and up to 100 other retailers went missing while in the care of data storage specialists Iron Mountain.

- In January a healthcare media subsidiary of CBS News reported that a medical doctor at a US fertility clinic had lost a flash drive containing sensitive personal details of over 3,000 patients.

- On 29 January the Georgetown University newspaper reported that a hard drive containing the Social Security numbers of nearly 40,000 Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs on Jan. 3, potentially exposing thousands of students to identity theft.

Companies that fail to address this fast-growing problem, and fail to apportion responsibilities for data security, risk being named and shamed on the website http://attrition.org/dataloss/. And the website will prove to be a useful investigative tool for those wishing to litigate against, or prosecute, organisations for data loss.

Is this an IT staff issue, or should responsibility rest with line management? And what are security managers doing about protecting their companies against this insidious reputation exposure from what is, after all, common theft?

For an easy-to-follow feature on the pros and cons of data encryption, click here.