Criminals are stealing laptops containing private data literally by the dozen. Data breaches are being reported one after the other, but laptop owners are doing nothing about it. According to experts at InfoWatch, the latest series of leaks and thefts point to the scale of the problem.
The theft of a laptop is akin to the theft of a wallet. In both cases it is possible to argue which was more valuable – the equipment or the information it contains, the fashion accessory or the documents and cards inside it. However, where a corporate laptop is concerned there is no contest. The losses will depend on what kind of information was on the computer and how much there was of it. In many cases the cost of compensation following a data leak can be enormous.
There is another thing that makes laptop theft similar to that of wallets. The number of stolen laptops is now on a par with wallets. This is down not only to the zeal of the thieves but also to the carelessness of laptop owners. In the past six months in London over 63,000 mobile phones, almost 5,000 laptops and nearly 6,000 PDAs have been left in licensed taxi cabs. The survey, carried out by the magazine TAXI, revealed that taxi drivers in many large cities around the world noted a distinct absent-mindedness shown by passengers regarding their portable electronic equipment.
In the light of these figures it remains a mystery why the owners of laptops and PDAs take no measures to protect the information on their equipment. The standard level of protection on such devices is a user password which can be easily circumvented. In other words, the information is unprotected. Only a few computers store information in an encrypted form. Although that method is not completely failsafe, it considerably increases the security of confidential information.
You don’t have to look far for examples of the problem. In early October customers with the Bank of America were informed that their personal data could be used by criminals following the theft of an unprotected laptop. In March of this year the press reported widely on the theft of a laptop that contained sensitive data on 196,000 Hewlett-Packard customers. Another 1,200 employees with the company Williams-Sonoma are also at risk as a result of a laptop theft. A San Francisco State University laptop that was lost in June also contained the names and Social Security numbers of over 3,000 students.
These cases show that it is not just big business or financial companies that are responsible for leaks of confidential information. Social organizations also face the same risks. The biggest threat for businesses is the loss of technical or commercial secrets, whereas the social sector puts people’s data at risk. The latter has far more disturbing effects…
On October 8 a laptop containing data on 33,000 patients, including 17,000 Social Security numbers, was stolen from a nurse’s car. Allina, the health care company responsible for the leak, made efforts to respond quickly to the incident. It changed the system for storing its records to avert similar incidents in future. The company also promised to provide credit monitoring services to those affected.
Wouldn’t it have been easier to think about this kind of incident earlier and try to avoid it? Implementing a protection system before a leak occurs avoids a lot of unpleasantness. Numerous studies have found that it is far more expensive to deal with the repercussions of an information leak than it is to deploy effective safeguards, especially when it comes to identity theft. The direct losses, as well as the public reaction, can lead to the demise of a company.
State employees, who by definition should be subject to greater protection, are one group that frequently finds itself at risk. A prime example is the theft of a laptop and hard drive with records on 26.5 million US veterans and serving military personnel. But there are more recent examples. A laptop containing data on almost 5,000 high school students from around the world who applied for officer school at Fort Monroe in Hampton was recently stolen. The loss could well lead to dismissals at the school, though the consequences for the prospective cadets can only be guessed at. Among the personal data listed were the students' names, addresses, phone numbers, Social Security numbers, parents' names, and dates of birth.
In another case, the Department for Veterans Affairs has once again warned that data belonging to veterans is under threat. This time the theft of a laptop from a health care building in New York was to blame. The computer, stolen from a locked room, contained names, Social Security numbers and patient analysis results. About 2,000 people could be affected by the leak. The credit history of all those affected will now be subject to close scrutiny.
“The theft of portable computers with the aim of obtaining confidential data is a widespread phenomenon. Such devices often contain vitally important business data. And, of course, we mustn’t forget about identity theft. All that is left to do is to wonder at just how negligent organizations are when it comes to safeguarding data. They seem to prefer spending money picking up the pieces after a leak rather than saving money by preventing the leaks in the first place,” says Denis Zenkin, marketing director at InfoWatch.
Source: Charged, TwinCities, Wavy, Courant
