in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: New Haven Rent Rebate Participants' Data Breach

The New Haven Library was the scene of a data breach late last month, when a thief or thieves made off with a laptop used by an Elderly Services Specialist to enter data for the Rent Rebate program.  The use of laptop encryption software such as AlertBoot -- technically, a managed computer disk encryption program, for those who require management of encryption keys and easy enterprise deployment -- would have ensured that the information on the laptop remains untouched.

If encryption wasn't used, the city cannot be certain about the data's integrity, and would have to spring for free identity protection (although in many cases, such services are offered regardless of the circumstances).

No Details

Other than the offer of the free id protection; when and where the theft took place (May 23, at the Mitchell Branch Library, 37 Harrison St.); and the "belief" that no one has accessed the data, there is not much to the story.  There isn't even a confirmation that encryption or password-protection is (or isn't) present.

For example, it was not revealed what type of data was compromised as a result of the laptop theft.  A quick search, however, shows that some very sensitive information could have been compromised.

A Little Digging Reveals Concerns

If you visit the New Haven website and do a search for "rent rebate" you get pointed to this page, where the office of the Mayor announces the beginning of this year's Rent Rebate Program:

(5/21/2012) The City of New Haven has begun accepting applications for the State of Connecticut’s Rent Rebate Program. Due to the high volume of applications for this program, residents interested in applying for this program must do so by appointment only. Walk-ins cannot be accommodated. The information below pertains to New Haven residents only. Renters from other municipalities should contact their municipality for information about the application process in their town.

The state program provides a reimbursement for Connecticut renters who are elderly or totally disabled, and whose incomes do not exceed certain limits. Persons renting an apartment or room, or living in cooperative housing or a mobile home may be eligible for this program. Rebates can be up to $900 for married couples and $700 for single persons. The rebate amount is based on a graduated income scale and the amount of rent and utility payments (excluding telephone) made in the calendar year prior to the year in which the renter applies.

The program is available to residents age 65 or older as of December 31, 2011, or residents at least 18 by December 31, 2011 who have been found by a government agency to be permanently and totally disabled. Income must be no more than $32,000 for single individuals, or $39,500 for married couples. Individuals receiving state cash assistance are not eligible.

Last year, 4,654 New Haven residents received $2.3 million dollars.

Individuals who do not live in senior housing and have received this benefit in the past should have already received an appointment notice from the City.

Residents of the following housing facilities may schedule application appointments by contacting resident services or management staff for their building:

[snip]

A FAQ on the program is also provided on the page, which goes on to show that certain materials must be presented in order to receive assistance.

Based on what I'm reading -- and what follows is speculation on my part -- it looks like there is a very good chance that Social Security numbers and other personal information (e.g., Medicaid ID numbers, military service IDs, etc.) must have been collected as part of this program.  Vetting the participants' information is at the heart of the program, and to do so would mean checking against income tax filings, aid and support from other government (or other) agencies, etc. which require the submission of information like one's SSN.

This other document, titled "Rent Rebate: What to Bring" shows the following as necessary documentation.

  • Social Security cards and birth dates for you and your spouse.
  • Proof of 2011 rent/utility payments (not cable):  12 rent receipts or printout or landlord letter, print-out of what you paid UI, SCG, RWA, your oil company, etc.
  • Proof of 2011 Income: salary, interest income, Social Security 1099 form, SSI, pension, annuities, rental income, railroad retirement income, proceeds from sale of property, ANY other source of income.  If you file an income tax return, bring a copy.

Data Loss Quite Disconcerting

When I searched "elderly services specialist" in Google News, I was presented with some very harrowing news titles such as "Elder abuse on the rise" and "The scams that target the elderly" and "Elder fraud: one couple's losses and hard lessons".

That last one is especially attention-grabbing (and long): it shows how an elderly couple got mired in a scam that stole their life savings, turned them into money-mules, and convinced them that they were not victims of a swindle (and then some).  In fact, when the couple's family tried to intervene, they were essentially accused of meddling their noses uninvited.

The other stories and articles were no less disturbing.

It appears to me that if the city of New Haven has a data breach on their hands that involves sensitive personal data -- especially information that has been successfully used in the past by scammers, such as SSNs, which are used in a number of fraudulent activities -- they should just come out and say so, as opposed to just springing for one year of identity theft protection.

I normally would make the argument regardless, but after reading the horror stories, I can't help but be more emphatic on the importance of letting the (potential) victims know as much as possible about the situation.


Related Articles and Sites:
http://www.courant.com/community/new-haven/hc-new-haven-laptop-0609-20120608,0,7046773.story
http://www.nbcconnecticut.com/news/local/Rent-Rebate-Laptop-Stolen-from-New-Haven-Library--158177055.html
http://www.nhregister.com/articles/2012/06/08/news/doc4fd206134783d161651112.txt
http://www.databreaches.net/?p=24470

 
<Previous Next>

What The Dirty Dozen Teaches Us About Security Questions

Data Encryption: Samsung, LG AMOLED Secrets Leaked Via USB Memory Stick

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.