in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software: Estee Lauder Alerts NH Attorney General Of Laptop Theft

Databreaches.net reports that cosmetics powerhouse Estee Lauder has alerted the New Hampshire Attorney General's Office about a data breach.  The loss of a laptop compromised employee information, including SSNs.  It has not been revealed where the laptop was stolen or whether it was protected with laptop encryption software.

Minimal Details

Dissent at databreaches.net notes that the letter to the NH AG is very light on the details of the data breach.

We know this much for sure: a laptop was stolen, which contained employee information (current and former).  Some of the information involved includes names and Social Security numbers.  The laptop was company-issued.  It was also noted that the company "changed all passwords assigned to the employee for access to the stolen laptop."

Anything apart from the above is speculation.  Here's my two cents: I get the feeling that the laptop was encrypted.

The Reasoning

First, there is the fact that the laptop was company-issued.  While there are plenty of stories in the media about companies losing laptops that were not encrypted, we've got to remember that that's exactly why it's being reported.  I mean, who's going to publish news where encryption software like AlertBoot was used so "everything's alright"?  That's not news.

So, if you will, there is a "silent majority" out there that has their encryption in place.  (If this had been a personal laptop that was stolen, I'd be betting on encryption not having been used.)

Second, the company had enough security programs installed on the now-missing device that they could go ahead and change the password on it.  Now, your average Windows boot-up password cannot be changed in that way.  Ergo, there is something installed on the laptop that will "call home" and update itself, most probably via the internet.  It's not a stretch to presume that laptop encryption was used under such circumstances.

Of course, there is the unsettling fact that the use of encryption was not mentioned in the letter to the Attorney General.  However, I've been burned in the past (more than a couple of times, actually) where I speculated that cryptographic solutions were not used because they were not mentioned...but it turned out that they were.


Related Articles and Sites:
http://www.databreaches.net/?p=19817
http://doj.nh.gov/consumer/security-breaches/documents/estee-20110713.pdf

 
<Previous Next>

Errata: Wrong Dates For AlertBoot/eGestalt Webinars

Data Encryption Software: UNLV Announces 2008 Data Breach In 2011

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.