The US Commerce Department has announced that over the last five years it has lost over 1,000 laptop computers, with a quarter of them thought to have contained personal data. It appears that most of the data was unencrypted.
Last week the US public received the somewhat shocking news that the Commerce Department had lost 1,137 laptop computers since 2001, with at least 249 of them containing personal data on US citizens. The agency has been unable to ascertain exactly whose personal details were on the lost laptops. It is known only that 672 belonged to the US Census Bureau.
The findings are from a Commerce Department review covering 15 agencies that use a total of 30,000 laptops. The research comes as both businesses and governments try to tighten their control over mobile devices after several high-profile incidents involving the loss of sensitive data.
The Census Bureau's laptops are used for collecting census data in the field and rarely contain data on more than 100 households. However, the agency also lost 15 handheld computers used to gather survey data. As a result, the department is contacting 558 households. The National Oceanic and Atmospheric Administration, which falls under the Commerce Department, also lost 325 laptops, three of which had personal data.
The amount of damage caused to the government depends on whether or not the private data on the lost computers were encrypted. In most of these incidents there is no mention of such measures. At the same time, statistics show that data breaches are becoming more and more common.
“How on earth could you use laptops on such a scale and not encrypt personal data? From the review it is possible to surmise that the US Commerce Department failed to encrypt even one laptop. And that is despite the fact that 20-25% of them contain private data,” says Denis Zenkin, marketing director at InfoWatch.
Source: ComputerWorld