in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

File Encryption Software Could Have Helped Pulte Homes In Data Breach?

Pulte Homes, one of the largest home building companies in the US, has announced that a backup tape containing the information of 16,000 customers was stolen about a month ago.  Letters were sent to customers on December 19, and it's been picked up by the media on Christmas.  The use of file encryption software like AlertBoot would have certainly helped to protect these customers.  The question is, was it used in this particular instance?

Since there is no mention of it anywhere, I tend to gravitate towards "no."  Plus, combine it with all the warnings and recommendations that Pulte did make, and the scale tips even further towards "no."  For example, Pulte supposedly advised customers to close credit card and other financial accounts, and to get new PINs and passwords, in addition to offering one free year of credit monitoring.

Going back to the case, a box of backup tapes was stolen on November 13.  While the theft was noticed immediately, the police advised the company hold back on an immediate public disclosure.  The home builder took the time to identify customers who would have to be notified-- once the police deemed a safe amount of time had passed, I guess.

Why would police recommend such a thing?  I'd suppose one of the reasons would be not to alert the thieves about the treasure trove they have on their hands, assuming these thieves stole the tapes not knowing what they were.  No sense in letting these thieves know, right?

However, that kind of reasoning normally tends to work on devices that have a value in their own right.  For example, imagine an instance where a laptop computer that also serves as a data server for an internet-based startup company is stolen: a thief may have stolen the laptop because it's a laptop, not necessarily because it houses the credit card numbers of 10,000 customers.  This is not to say that the thief wouldn't attempt to check what's on the computer (and a further reason for using hard disk encryption to protect the contents), but at least there's a likely explanation for the theft other than the data.

But it would be different for a box full of tapes.  I mean, you find a box of VHS tapes that, based on the label, look like home videos.  They would have no resale value.  Do you steal them?  Most thieves wouldn't unless a) they have nothing better to do or b) they think there may be some kind of value in those tapes if they go through them.  A form of criminal value like, say, finding some way to perpetrate blackmail (are these sex tapes?)

Now substitute those VHS tapes with computer backup tapes.  Does the situation change at all?  I'd say no; those tapes are still worthless unless one thinks there may be something useful in there.  In other words, those tapes were most probably stolen specifically because they happen to be backup tapes.  This would be even more true if some other item of value happened to be next to the box of tapes (no mention of that, though).  So, it seems to me that the police department's suggestion was ill-advised in this case.  The construction company's customers ought to have been alerted ASAP…which turns out to be one month: it took Pulte about a month to figure out who could potentially be affected. (Conscientious people might make multiple backups, but I've never heard of backing up backups, so I can understand why it took so long.)

Data security is not hard, but it is hard to achieve.  I'm not sure how this box of tapes got stolen (did someone break in to a storage room?  Was it lying on the ground right outside of the storage room?  Was it in someone's convertible parked at the airport?), but, obviously, having someone around to keep an eye on things all the time would have prevented this breach.

An alternate option, and in some ways a better option, is probably the use of protection that travels with the data.  The use of backup tape encryption software would have prevented Pulte Homes's words to ring a little less hollow: "We definitely pride ourselves in having a safe environment for our customers."


Related Articles:
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2008/12/25/state/n123207S38.DTL
http://www.lasvegassun.com/news/2008/dec/25/identities-16000-pulte-homes-customers-compromised/

 
<Previous Next>

Laptop Encryption Software: It Won't Lead To Drug Busts

What Is The Best Disk Encryption Software To Be Used As Part Of My Laptop Computer Security?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.