Category Archives: Data Security

NASA to Improve Data Security

NASA has taken a simple step which will help improve its data security procedures by ensuring that all laptops containing sensitive data are encrypted before being taken off-site. This security measure has been enforced after the latest incident, which saw a laptop and several documents containing ‘sensitive personally identifiable information’ stolen from an employee’s car.

NASA stated that the incident occurred on 31st October 2012 and that the stolen laptop was password protected but not encrypted. As a result, the data on the laptop is much more likely to be compromised than if it had been encrypted (in which case the data would have been scrambled and would require a complicated code to unscramble it).

NASA is utilising the services of the data breach specialist company, ID Experts, in an attempt to limit the overall impact that the incident could have. The affected individuals will receive letters informing them of the data breach and the personally identifiable information that was on the laptop. This letter will also contain information on how they can help protect their personal identity by utilising the services that ID Experts offer at no cost to themselves. There is a concern that the affected people will be contacted and asked to confirm personal information, so NASA have made clear that no officials from NASA or ID Experts will be contacting them to confirm such information.

Linda Cureton, NASA’s Chief Information Officer, has stated that they are aiming to encrypt as many laptops as possible by Wednesday, and a one month deadline has been put in place to encrypt all relevant laptops. Employees have also been forbidden from storing data of a sensitive nature on other portable devices such as mobile phones and tablets.

It is concerning that it has taken NASA so long to start to implement more stringent data security measures – taking a simple step such as encrypting data can go a long way in helping to protect sensitive data.

This incident will remind other businesses that they should implement adequate data protection policies such as ensuring that employees encrypt their data on laptops and other portable devices. Such policies can significantly help protect confidential business and personal data. Accompanying this, an adequate data backup method is beneficial. Should a portable device be lost or stolen, the data can be securely recovered, reducing the overall impact that such an incident could have on the running of your business.

Do you back up and encrypt data on your portable devices? Do you feel the need to back up and encrypt data on your portable devices?

Hong Kong Immigration Department Suffer Data Loss

The Hong Kong immigration department have suffered from a data loss which has compromised data belonging to 3,000 travellers.

The incident occurred when three netbook computers that are used in immigration control at Chek Lap Kok airport were stolen from an office room that is locked whenever a member of staff leaves it. The three netbook computers contained passport data belonging to selected passengers in transit whose passports were scanned. It is believed that data belonging to Hong Kong nationals was not contained on the computers.

The chances of the data being compromised have been significantly reduced due to the existing security measures that were in place. The three netbook computers were in a standalone network and therefore cannot be used to access data on other networks. Supporting this, all the data that is stored on the computers is encrypted and multiple user credentials have to be authenticated in order to access the network. By implementing a few simple security procedures, the potential risk of the data being compromised has been significantly reduced.

A spokesman for the department stated, “The data in the computers has been encrypted, and log-in to the system is only possible after multiple authentication by using the registered user name and password. With such security measures in place, the access to the encrypted data is highly restricted, and it is unlikely that the said data will be compromised.”

The immigration department has informed the Privacy Commissioner for Personal Data of the data breach and a number of procedures have already been put in place to help prevent a similar incident from happening. A security team led by the deputy director of immigration has been given a three month period to investigate the issue and put forward recommendations that will reduce the likelihood of such an event occurring again.

This incident shows that by ensuring that reasonable security measures have been put in place, the potential impact of a data loss can be significantly reduced. The department could easily have been led into believing that, as the door is always locked when a member of staff leaves the room, they wouldn’t need to encrypt the data or ensure that multiple user credentials have to be authenticated before logging onto the network.

If you are keeping confidential data on portable devices, it is very important that adequate security measures are in place, such as encrypting the data, and that it is recoverable by using an appropriate backup method. This can significantly reduce the impact that a data loss can have and save you thousands of pounds.

Greater Manchester Police Hit with Fine after Data Loss

The Information Commissioner’s Office (ICO) has hit Greater Manchester Police with a £150,000 fine after a data loss incident. This fine was later reduced to £120,000 after the ICO granted them a twenty per cent discount for early payment.

Data belonging to over 1,000 people with links to serious crime investigations had been saved on a memory stick and was taken home by a detective. In July 2011, the detective’s home was broken into and his wallet, which contained the memory stick, and his car keys were stolen.

During the ICO’s investigation into the incident, it was revealed that Greater Manchester Police hadn’t acquitted themselves very well at all as data protection procedures were nowhere near the required level.

The data on the memory stick was in an unencrypted format and wasn’t even password protected. As no security measures were in place, the data on the memory stick could easily fall into the wrong hands and be readily accessible.

The ICO investigation team concluded that Greater Manchester Police staff hadn’t been sufficiently trained in data protection, and this is despite a similar data loss incident that occurred in 2010. Surely the incident in 2010 should have resulted in more stringent measures being put in place and enforced, but obviously this wasn’t the case and confidential data has been put at unnecessary risk.

David Smith who is the ICO Director of Data Protection stated, “This was truly sensitive personal data, left in the hands of a burglar by poor data security. The consequences of this type of breach really do send a shiver down the spine. It should have been obvious to the force that the type of information stored on its computers meant proper data security was needed. Instead, it has taken a serious data breach to prompt it into action. This is a substantial monetary penalty, reflecting the significant failings the force demonstrated. We hope it will discourage others from making the same data protection mistakes.”

Assistant chief constable Lynne Potts later claimed, “This was very much an isolated incident. We take all matters relating to the storage of data extremely seriously and have stringent measures in place to ensure the safe storage of data.”

With the ICO now issuing such fines, it does make you wonder why data is still being put at an unnecessary risk. There are a number of basic security measures that can be employed such as encrypting the data which can help to reduce the impact if devices such as memory sticks are lost or stolen.

Tape backup theft affects 4.9M active and retired military personnel

On the 14th September, Science Applications International Corporation (SAIC), a contractor for the military, contacted TRICARE, a healthcare system for active and retired military personnel and their families, about a data breach. This breach has compromised sensitive data belonging to 4.9 million active and retired U.S. military personnel. The data on the tapes relates to those who received care at the military’s San Antonio area military treatment facilities from 1992. The data breach was made public two weeks later, as TRICARE wanted to determine the level of risk to those affected.

“We did not want to raise undue alarm in our beneficiaries,” said TRICARE.

It is reported that the set of backup tapes was stolen from an employee’s car while being transported between federal facilities in San Antonio. The tapes contain sensitive data such as personnel names, addresses, social security numbers, phone numbers and personal health information. TRICARE insist that the tapes did not contain any financial information such as credit card details, which will offer those affected little comfort.

Despite the large amount of data on the tapes not being encrypted, TRICARE class the risk of misuse of this data as low.

“Since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure.” (TRICARE)

An investigation is now underway in the hope of recovering the lost tapes. Vernon Guidry, vice president for media relations at SAIC, stated, “SAIC is working with the local police department, the Defence Criminal Investigative Services and a private investigator to attempt to recover the backup tapes.”

Such data breaches are common and do make you wonder why companies do not implement more stringent procedures to minimise the risk of such events occurring. Many companies still aren’t bothering to encrypt sensitive data and are increasing the likelihood of it falling into the wrong hands by transporting the tapes in an insecure manner. The issue of data being compromised is set to intensify if current trends continue as, according to the Privacy Rights Clearinghouse, a total of just over 3.2 million records containing personal data had been compromised in such incidents this year.

Data loss from left devices expected to have spiralled over holidays

Average UK citizens are expected to have lost thousands of devices over the Christmas period as over four million of us upped sticks and travelled by plane, train or automobile. Transport hubs are collecting the laptops, smartphones and memory sticks that go missing as a result of the hustle and bustle.

This news has come as the result of a study commissioned by Credant Technologies, which involved contacting major UK airports and asking the lost property departments to tally up the number of data-holding devices which were left over the holiday season.

In total over 5100 smartphones and 3844 laptop computers were found at 15 locations across the country, including busy airports like Heathrow.

Those who do leave their mobile phones or laptops at the airport or on the train can usually expect them to be sold on or given to a recycling charity if they are not claimed within an allotted period, although this does require that they are handed in rather than stolen.

It is significant to note that rather than stemming the damage of data loss, this could actually accentuate it as once the phones and computers are sold, there is no guarantee that the information stored within will be correctly erased, potentially delivering it into the hands of an unknown third party.

Identity thieves are harnessing data found on lost mobiles and the problem is only getting worse, so experts believe more needs to be done in order to ensure that losing a device does not necessarily have to result in serious data loss.

Travellers are most likely to misplace their mobiles during the rigorous security checks, according to a spokesperson representing Luton Airport. With the stress that is endemic to having your belongings scrutinised, it is thought that people are much more susceptible to forgetting to pick up their mobiles.

Mobile insurance can play a role in limiting the number of handsets which are subsequently reclaimed, as many who are covered simply make a claim and ignore the lost data which they have left behind.

Value of data unrecognised by many, study finds

Research suggests that most employees are not aware of the intrinsic value of data and, as such, focus more on lessening the chances of damaging mobile devices and portable storage, rather than actively minimising the threat of loss or theft.

There is clearly confusion among most employees, as 58 per cent of respondents to a recent study conducted by BlockMaster said that they thought damaging a laptop to the extent that it is necessary to replace it would prove to be more costly than a data loss incident caused by misplacing a portable USB memory stick.

Over 1000 people took part in the survey, and a series of questions allowed the analysts to discover that while 29 per cent of people consider data loss to be a serious incident, about the same proportion consider being stuck in work overnight as a result of poor weather to be the equivalent of a data loss disaster.

BlockMaster’s Anders Kjellander admitted that while the results were clearly worrying, he was not surprised to find that many employees are simply unaware of the value of data to a business.

Mr Kjellander restated the point that IT hardware is less valuable to any organisation than the data which is stored upon it. He explained that while a broken computer is replaceable, lost or stolen data cannot be recovered.

Mr Kjellander pointed to the recent Wikileaks scandal as a clear indication that once data has made it out of safe hands, it can never be corralled back into secrecy. While the costs of replacing hardware are quantifiable, data loss can have an ongoing financial impact that is impossible to measure in the short term, according to SC Magazine.

Some believe that employees put a greater emphasis on protecting devices rather than data because they relate to corporate phones or laptops in the same way that they would to a personal device, which can be unhelpful in the fight against data loss and theft.

Automating security and ensuring that password protection and encryption are the very minimum levels of loss prevention in place is advised.
