The Hong Kong immigration department have suffered from a data loss which has compromised data belonging to 3,000 travellers.
Then incident occurred when three netbook computers that are used in immigration control at Chek Lap Kolk airport were stolen from an office room that is locked whenever a member of staff leaves it. The three netbook computers contained passport data that belonged to selected passenger in transit and whose passports were scanned. It is believed that data belonging to Hong Kong nationals was not contained on the computers.
The chances of the data being compromised have been significantly reduced due to the existing security measures that were in place. The three netbook computers were in a standalone network and therefore cannot be used to access data on other networks. Supporting this, all the data that is stored on the computers is encrypted and multiple user credentials have to be authenticated in order to access the network. By implementing a few simple security procedures, the potential risk of the data being compromised has been significantly reduced.
A spokesman for the department stated, “The data in the computers has been encrypted, and log-in to the system is only possible after multiple authentication by using the registered user name and password. With such security measures in place, the access to the encrypted data is highly restricted, and it is unlikely that the said data will be compromised.”
The immigration department has informed the Privacy Commissioner for Personal Data of the data breach and a number of procedures have already been put in place to help prevent a similar incident from happening. A security team which is being led by the deputy director of immigration have been given a three month period to investigate the issue and put forward some recommendations that will reduce the likelihood of such an event from occurring again.
This incident shows that by ensuring that reasonable security measures have been put in place, the potential impact of a data loss can be significantly reduced. The department could have easily been led into believing that as the door is always locked when a member of staff leaves the room that they wouldn’t need to encrypt the data and ensure that multiple user credentials have to be authenticated before logging onto the network.
If you are keeping confidential data on portable devices, it is very important that adequate security measures are in place such as encrypting the data and that it is recoverable by using an appropriate backup method. This can help reduce the impact that a data loss can have significantly and save you thousands of pounds.