in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: PwC Causes Under Armour Employee Data Breach

A number of sources are reporting that Under Armour, the athletics apparel company, had a data breach of employee payroll information when a USB memory stick was sent via mail.  The device was not protected with disk encryption software like AlertBoot.

The blame falls on PricewaterhouseCoopers (PwC), auditors to Under Armour.

Auditing Firm Loses USB Thumb Drive

According to daytonadilynews.com and other sources, Under Armour's payroll information was lost on April 12, when a USB stick went missing in the mail.  The device was "lost in transit to a PwC facility," according to a PwC spokesperson.  The implication is that this was some kind of interoffice dispatch gone awry.

The breached data includes names, SSNs, and salary information for an undeclared number of employees, although it's been pointed out that "the company employs 5,400 worldwide."

If you look at Under Armour's latest 10-K filing, you'll see that

As of December 31, 2011, we had approximately fifty four hundred employees, including approximately twenty nine hundred in our factory house and specialty stores and eight hundred at our distribution facilities. Approximately eighteen hundred of our employees were full-time. Most of our employees are located in the United States....

Assuming that "most" means "majority," it could mean that approximately 2,700 people were affected by this latest incident (although, who knows, really?  It could have been the audit of top management only, limited to less than 100 people).

Irony

I happened on this Under Armour story right after reading that PwC had reported that "8 out of 10 organizations suffered staff-related security breaches in 2011."

According to that report, per computing.co.uk,

The survey found that 82 per cent of large organisations had reported security breaches caused by staff, with 47 per cent reporting incidents where staff had leaked or lost confidential information...

[The survey's author Chris] Potter argued that the report's finding indicated that security training is being neglected.

"One of the biggest things that large organisations can do is to invest in security awareness programmes," he said.

Ironic, no?  At the same time, it's also "inevitable."  If you're part of an organization that handles sensitive data, it can be guaranteed that at some point you'll have a data breach, small or big, just because there are so many ways things can go wrong.

PricewaterhouseCoopers, for example, is a global company that does business in the "knowledge economy."  Their product and raw materials is data.  So, it's not surprising that they have the occasional data breach like the above.  Or this one, from two years ago.

At the same time, it's slightly depressing that easily-preventable data breaches like that involving Under Armour still occurs at companies that know better.  I mean, PwC already knows about the importance of using encryption software to secure what can only be viewed as sensitive data.  It must, seeing how their raw material for creating their product is sensitive data.  No doubt that their employees know this, too.

So, why the use of a USB disk that was not protected with encryption?  While perfect data security might not be possible, there are surefire ways of lowering the risks of a data breach.  The use of an encrypted USB device is one of the easier, and definitely preventable, ones.


Related Articles and Sites:
http://www.daytondailynews.com/business/data-breach-hits-under-armour-1363303.html
http://www.baltimoresun.com/news/breaking/bs-md-underarmour-20120422,0,4880808.story

 
<Previous Next>

Data Encryption Software: Eugene, Oregon Podiatrist's Computer Stolen

Data Security: Google WiSpy Is Much Ado About Nothing? Depends On Where You Are

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.