Yet more news about stolen laptops. Among the victims this time are two large organizations: The American Internal Revenue Service and the British Nationwide Building Society. The former has acknowledged the theft of 478 mobile computers over less than five years. And the latter has sent some 60,000 out of a total of 11 million customers a notification about the theft of private details. The 22,500 American students whose personal data was stolen looks almost paltry by comparison. InfoWatch experts consider the data protection measures taken by Western companies and governmental structures unsatisfactory.
The British Department of Financial Affairs is conducting an investigation into an incident at the Nationwide Building Society resulting from a night-time burglary at the house of one of the building society’s employees. The serious concern felt by the organization stems from the fact that a quantity of confidential information about the building society’s members was on the stolen computer.
Nationwide does not specify the nature of the stolen data, describing it as “limited personal data for market research purposes” – which tells us nothing. However, we do know that there were no PIN-codes, passwords or transaction information involved. Disturbingly, experts assert that even limited data ranges can potentially be merged with other existing data necessary resulting in the possibility of identity theft.
The building society has begun notifying its clients with around 60,000 having been contacted already. Nationwide has a total of around 11 million customers. Some have expressed concern that were such information to become freely available, it could pose a threat to national security.
Nationwide is maintaining silence over the details of the burglary and the investigation, citing the need not to hinder the police in the execution of their duties. But by way of reassurance, they have stated that there has been no other single attempt to breach their system, so no customer has been affected financially. In their announcement, they also state that the company has a strong data-defense system and that it will be made even more robust in the light of this event. Company policy now forbids employees from keeping client personal data on mobile computers.
The Department of Finance appreciates Nationwide’s speed in making the theft known. They are working together to reduce to a minimum the impact of this event on private citizens.
In America, yet another federal agency has admitted the leak of confidential information via a lost laptop. Over the period 2002-2006 alone, the Internal Revenue Service either lost or had stolen 478 laptops. In addition, 112 of them contained private data about American taxpayers, including National Insurance numbers. The Department cannot say how many millions of people are at risk of identity theft, but they are formulating estimates. The number is likely to be very considerable.
The majority of the computers were stolen. Of these, only 17 were returned. However, the surprising thing is that with nearly 500 incidents – each one of which could have major consequences for millions of US citizens – only 18 of the agency’s employees have been punished.
Under the pressure of public opinion, IRS management issued a statement which concentrated, in part, on the measures planned to increase the protection of taxpayer data. All machines will have an encryption system installed which will encode all data automatically, relieving forgetful operators of the need to remember to do it. But this program is only planned to be introduced in January of next year. When it will be completed is still not known.
Still in America, the police have recovered a laptop stolen from Connors State College, Oklahoma. An investigation is currently underway. The incident occurred on 15th of October. Apparently, a 22-year-old student, Edwin Hesslen, got into the university administration building through a window and stole the laptop which contained the personal information of 22,500 students throughout the state and included Social Security numbers, dates of birth and educational details.
Since the laptop was soon found (in the house of the student’s father-in-law), notification has not been sent out to those affected. The administration is awaiting expert opinion on whether the personal data was accessed, but said experts are unable – as yet – to give a definite answer.
Denis Zenkin, InfoWatch’s Marketing Director was sceptical about the measures these organizations have proposed to combat further data theft. He said, “The management of the taxation service of the United States promises to begin a program of data protection on laptops next January? That means that, at the very least, their computers will hold unprotected data for another six months. Their own track record suggests that over this period another fifty laptops will be lost. This means the potential loss of billions of dollars and millions more citizens affected. The Nationwide also has its work cut out – 11 million members is no joke. On the other hand, at least they claim to have already taken certain protection measures. I hope their clients will benefit from them.”
Sources: The Sunday Times, ZDNet UK, Washington Post News, NewsOK.com
