A number of sources are reporting that Under Armour, the athletics apparel company, had a data breach of employee payroll information when a USB memory stick was sent via mail. The device was not protected with disk encryption software like AlertBoot.
The blame falls on PricewaterhouseCoopers (PwC), auditors to Under Armour.
According to daytondailynews.com and other sources, Under Armour's payroll information was lost on April 12, when a USB stick went missing in the mail. The device was "lost in transit to a PwC facility," according to a PwC spokesperson. The implication is that this was some kind of interoffice dispatch gone awry.
The breached data includes names, SSNs, and salary information for an undeclared number of employees, although it's been pointed out that "the company employs 5,400 worldwide."
If you look at Under Armour's latest 10-K filing, you'll see that:
"As of December 31, 2011, we had approximately fifty four hundred employees, including approximately twenty nine hundred in our factory house and specialty stores and eight hundred at our distribution facilities. Approximately eighteen hundred of our employees were full-time. Most of our employees are located in the United States...."
Assuming that "most" means "majority," it could mean that approximately 2,700 people were affected by this latest incident (although, who knows, really? It could have been the audit of top management only, limited to less than 100 people).
I happened on this Under Armour story right after reading that PwC had reported that "8 out of 10 organizations suffered staff-related security breaches in 2011."
According to that report, per computing.co.uk,
The survey found that 82 per cent of large organisations had reported security breaches caused by staff, with 47 per cent reporting incidents where staff had leaked or lost confidential information...
[The survey's author Chris] Potter argued that the report's finding indicated that security training is being neglected.
"One of the biggest things that large organisations can do is to invest in security awareness programmes," he said.
Ironic, no? At the same time, it's also "inevitable." If you're part of an organization that handles sensitive data, it can be guaranteed that at some point you'll have a data breach, small or big, just because there are so many ways things can go wrong.
PricewaterhouseCoopers, for example, is a global company that does business in the "knowledge economy." Their product and raw materials are data. So, it's not surprising that they have the occasional data breach like the above. Or this one, from two years ago.
At the same time, it's slightly depressing that easily preventable data breaches like the one involving Under Armour still occur at companies that know better. I mean, PwC already knows about the importance of using encryption software to secure what can only be viewed as sensitive data. It must, seeing how their raw material for creating their product is sensitive data. No doubt that their employees know this, too.
So, why the use of a USB disk that was not protected with encryption? While perfect data security might not be possible, there are surefire ways of lowering the risks of a data breach. The use of an encrypted USB device is one of the easier, and definitely preventable, ones.
Related Articles and Sites:
http://www.daytondailynews.com/business/data-breach-hits-under-armour-1363303.html
http://www.baltimoresun.com/news/breaking/bs-md-underarmour-20120422,0,4880808.story