in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Hard Drive Encryption Software: Roane State Community College Data Breach

9,747 current and former students and 1,194 employees at Roane State Community College have been alerted to a data breach.  The data was stored on a USB drive.  While the academic institution does have "policies [to] define rules for protecting confidential data," it hasn't been revealed whether full disk encryption like AlertBoot was used to protect the contents of the memory stick.

What's Missing?

  • Names and SSNs for 10,941 people (the students and employees mentioned above)
  • SSNs only for another 5,036 students, current and former.

Academic records were not included.

How'd It Happen?

An employee copied the information to a 4GB USB drive that was "used for work-related purposes."  He took it with him on October 9 to work on it from home.  However, he forgot the device in his car, which he also forgot to lock.  The employee reported the theft the very next day.

Hm.  "Used for work-related purposes."  Am I correct in reading that this was a college-sanctioned device?  Did they secure it by using encryption software on the contents?  On the other hand, I see this gem:

"The employee did act against RSCC regulations by copying school data and taking it off the property." [wbir.com]

I guess it was used for work-related purposes because work-related files were stored on the flashdrive.  Meaning it was not a sanctioned device, so I'm going to go with the odds and assume that USB flashdisk encryption was not used.

What Are The Chances?

Should people whose data was saved on that USB drive be concerned?  My opinion is most definitely.  Perhaps 10 years ago one could have claimed that there was little chance for worry.

But, the issue of ID theft has garnered a lot of attention in recent years, and everyone and their grandmother knows to fear it.

I wouldn't mind too much if the information had fallen into the hands of an average citizen, since there's a chance that the person would keep the device and delete the data, perhaps even return it.  But let's not kid ourselves, the information has fallen into the hands of a criminal.  How do I know this?  The average citizen doesn't go around breaking into unlocked cars.  It takes a thief to do that.

Knowing this, the chances of someone accessing that data and using or selling have increased dramatically.  Had encryption been used, the issue would be a moot one.  Instead, Roanites (Roanians?) are stuck waiting to see what happens next.


Related Articles and Sites:
http://www.roanestate.edu/keyword.asp?keyword=IDALERT
http://www.wbir.com/news/local/story.aspx?storyid=102422&catid=2

 
<Previous Next>

Wireless Encryption: TJX Lessons Not Learned At TimeWarner?

Hard Disk Encryption? Paper Documents Get Stolen, Too

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.