Canada’s interim privacy commissioner, Chantal Bernier, has revealed that the Human Resources and Skills Development Canada (HRSDC) department failed to follow its own policies to help keep confidential secure.
As previously reported, the department lost a USB hard drive which contained confidential data belonging to 583,000 Canadian Student Loans Program borrowers from 2000 to 2006. The files contained information relating to student names, social security numbers, dates of birth and their loan balances. Contact information for 250 employees was also on the hard drive.
A report was tabled in Parliament on Tuesday which explained that the confidential data was compromised as the device was left unsecure, without password protection or encryption. It was also noted that employees were unaware of the sensitivity of the data being held on the hard drive.
Bernier stated, “Protecting personal information cannot be ensured by having policies on paper. Policies must be put into practice each and every day and monitored regularly.”
The investigation was started in January 2013 after the hard drive was reported lost and has yet to be found.
Such an incident proves that it is very important that employees are suitably educated about data security when dealing with confidential data. Several data security policies could be in place but if an employee doesn’t understand them or the importance of them being followed, it is more than likely that the policies will not be adhered to.
In this case, if the staff had been appropriately educated, they would have had an idea of the sensitivity of the data that was held on the drive.
Sears Holdings have confirmed that they are currently reviewing their systems to see if they have become the latest victim of a data breach.
So far, it is good news for Sears and their customers as the review has shown no signs that a data breach has occurred but the review is still ongoing.
Howard Riefs who is the director of corporate communications at Sears Holdings has confirmed that they are currently reviewing their systems to determine if they have suffered from a data breach.
Riefs stated, “There have been rumours and reports throughout the retail industry of security incidents at various retailers, and we are actively reviewing our systems to determine if we have been a victim of a breach.”
The retailer which has almost 2,500 stores in the United States and Canada have started the investigation after a series of reported data breaches by other high profile companies such as White Lodging and Target which resulted in debit and credit card information being stolen.
A major flaw in the point of sales systems is what hackers have been successfully exploiting. The flaw meant that unencrypted card details were held in a computer’s memory for a short period of time but long enough for the hackers to be able to obtain all of the information. It was this flaw that the hackers used in the Target data breach which resulted in the malware sending the card details to servers outside of the company.
With the rewards of successfully hacking into a company’s computer network and stealing confidential data becoming greater, the importance of ensuring that there are no weaknesses in your security plan is increasing by the day. This should be tested on a regular basis and set up to guarantee that the latest updates are downloaded and applied.
As part of a successful security plan, a robust backup solution should be utilised. This can help save a company thousands of pounds and limit any potential damage to its reputation. By having a robust backup solution in place, it means that data can be recovered to a required state no matter if it is deleted or modified.