in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: PK Yonge School of U. Florida Loses Laptop With Personal Info

The P.K. Yonge Development Research School at the University of Florida has announced a data breach affecting students and employees.  A laptop computer was stolen from a car, and it looks like hard drive encryption was not used to secure the data (although that won't be true for long).

8,300 People Affected

According to the University of Florida, "P.K. Yonge is a kindergarten-through-grade-12 laboratory school affiliated with University of Florida’s College of Education."  The stolen laptop appears to have been used by an administrator, since the information includes not only student information but employee information as well, such as payroll and parking permit information.

The information goes all the way back to 2000, and also includes names, SSNs, and driver's license numbers.  Academic and medical records for students were not stored on the computer.

Password-protection was used to protect the data, but it appears that encryption software was not.  Which begs the question, why not?

The theft took place in San Francisco when someone broken into a rental vehicle.  In other words, the laptop traveled all the way from Florida to California.  It also had to travel back, had it not been stolen.  I think it's pretty safe to say that the laptop--which, I remind you, contained restricted information--was outside a secure area for a good while.  Plus, one of the more common places where laptops get lost or stolen is at the airport.

So, you've got a laptop that's full of sensitive information.  It's not only on the move, which means there's already a heightened risk of a data breach, it's heading towards a high risk area when it comes to laptop thefts.

(Granted, the laptop was not stolen at the airport; however, you don't come out of a battlefield unscarred and say, "well, putting on my bulletproof vest was useless."  Protection requires looking at the situation beforehand and evaluating your risk profile, not evaluating your specific outcome after the fact.)

It's quite obvious that laptop encryption like AlertBoot ought to have been used on the laptop.  In fact, I would have recommended it regardless of the travel plans, since it contained SSNs and other sensitive information, and was probably kept in a low-security area: in my experience, most college administrative offices tend to have poor physical protection due to the relative safety of campuses.

Update:  Ah, I forgot.  The university for its part has stated that it has started encryption on their laptops, I assume on account of this latest data breach.


Related Articles and Sites:
http://news.ufl.edu/2010/08/31/yonge-privacy/
http://privacy.ufl.edu/incidents/2010/pkyonge/
http://www.gainesville.com/article/20100831/ARTICLES/100839928/-1/news?Title=Stolen-P-K-Yonge-laptop-had-8-300-student-employee-records&tc=ar

 
<Previous Next>

Laptop Encryption Software: What Exactly Are You Protecting Against? Applying Some Thought

Connecticut Insurance Data Breach Notification Rules: No Safe Harbor For Data Encryption (Update)

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.