in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption Software: 1.4M Cattles Group Customers Affected By Breach

Approximately 1.4 million customer of the Cattles Group -- owners of the Welcome Finance loan firm in the UK (whose website currently has a message stating that "Welcome Finance is no longer taking applications for new loans") -- are being notified of a data breach.  Two "backup discs" which haven't been protected with data encryption software like AlertBoot are reportedly missing.

Discs?  Tapes?

Not only does the group not know where the missing data storage device happens to be, apparently they don't know what's missing (although, perhaps the journalist ought to be blamed for the following): the device is described as both backup discs and as tapes.  Which is it?

Not that it matters, really.  Encryption software could have been used on either to protect the data.  We are speaking of 1.4 million records, and data at that level requires strong data protection, even if it's relegated to names, dates of birth, and payment history (800,000 clients only had their names and addresses breached), according to a spokesperson.

This, however, appears to contradict the notification letter: according to one victim interviewed by thetelegraphandargus.co.uk, the letter read "the firm cannot account for her personal details, including bank details, national insurance number, date of birth and address."

Customers were not the only people affected.  The storage device also includes HR information for staff up to October 2010.  It was not mentioned how many were affected.

Not Surprising?

A quick search on the internet explains why Welcome Finance has a "no new loans" alert on its webpage.  It went bankrupt.

A company by the name of Bovess Ltd, described as a special purpose vehicle, has acquired Welcome Finance.  A SPV is known in the US as a Special Purpose Entity (SPE), and if I'm not wrong, was the reason why Enron was able to hide its debts before it declared bankruptcy.

In retrospect, perhaps it's not so surprising that the company had a massive data breach.  I mean, the last thing that a bankrupt company pays attention to is whether backup tapes are missing.  The more interesting question would be, who's responsible for this breach?  Is it Welcome Finance?  Is it Bovess?  Are they one and the same?


Related Articles and Sites:
http://www.thetelegraphandargus.co.uk/news/local/localbrad/9438853.Fraud_fears_as_loan_firm_loses_discs/

 
<Previous Next>

Reminder: California Breach Notification Law Amended, Beginning 2012, AG Must Be Notified

Solicitorsfromhell.co.uk Breaches UK Data Protection Act: Information Needs To Be Accurate

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.