in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

National Bank Of Canada Laptop Theft Affects A High Percentage. Laptop Encryption Probably Not Used

National Bank of Canada, Canada’s sixth-largest lender by assets, according to Bloomberg, has publicly announced that a laptop computer was stolen from its headquarters in Montreal.  Although not expressly stated, it seems to me that this particular laptop was not protected with data security software like laptop encryption from AlertBoot.  A shame since there was customer data on that laptop—a “high percentage” of their mortgage clients, according to the bank.

 

The sensitive information included names, addresses, bank reference numbers, and account numbers.  Other information such as social insurance numbers (Canada’s SSN), birth dates, or signatures were not included.  Due to the limited information found on the stolen computer, the bank is maintaining that the risk of using the information for fraud is minimal.

 

And yet, the bank is asking its clients to keep an eye out for suspicious activity on their accounts.  Makes you wonder why, if the risk is so minimal.  Plus, wouldn’t the bank be in a better position to monitor fraud?  I know I get a call whenever something weird pops up on their screens regarding a large purchase.

 

The thing about the stolen information is that it can still be used to carry out fraud.  For example, this article from the washingtonpost.com shows how such “minimal risk” information was used in an attempt to scam $12 million from 90,000 accounts.  That translates to roughly $130 per account.  Depending on the bank, such paltry amounts may not raise flags in the bank’s system, and it would be up to people calling in to complain to shine a light on any attempted fraud.

 

Unlike some people commenting at cbc.ca, I don’t think that the issue is that the data was stored on a laptop computer.  This equipment was stolen from the bank’s headquarters.  Bank headquarters generally tend to have security in place.  Now, since the laptop was stolen despite security, it stands to reason that anything else would or could have been stolen as well: it could have been a hard disk drive used as a back up; a bundle of printouts with the same sensitive information found on the laptop; a small desktop computer (sans monitor, of course).  Heck, one could have installed one of those keystroke loggers with a wireless transmitter.  If I were to believe some of the comments, getting rid of laptops would clear up any future data breaches.  But as the small number of examples I’ve given illustrate, this is not so.

 

Let’s not forget the nature of the thing that is being stolen: data is a metaphysical object.  You can burn a piece of paper with sensitive data on it, but if I’ve read it prior to your burning, it’s not going to do you much good (unless you’re trying to hide evidence from a trial or something).  You have to have the right kind of protection.  And when it comes to data protection, you want to use what the pros are using: encryption software.  If the bank had used laptop encryption to protect all of their notebook computers, they wouldn’t have to ask their customers to keep an eye out, nor have their employee keep an eye out for irregular activity as well.

  

Related Articles:

http://www.bloomberg.com/apps/news?pid=20601082&sid=a37RfkXgTPQA&refer=canada

http://www.cbc.ca/consumer/story/2008/09/24/bank.html#socialcomments

http://www.theglobeandmail.com/servlet/story/LAC.20080924.NATS24-3/TPStory/National

 
<Previous Next>

Massachusetts Orders Personal Information Protection Via Data Encryption. Content Security To See A Boost?

$50 And Lack Of Hard Drive Encryption Can Net You Lots Of IDs From eBay

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.