AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Human Resources Data Encryption: Godiva Chocolatier Has Data Breach

It's not often that you can associate a chocolate merchant with the world of data breaches, but it's not impossible, either.  Especially if you make the mistake of not using something like AlertBoot's managed laptop disk encryption to secure the company's sensitive data.

Godiva, the international maker of excellent chocolate, has experienced a data breach that will impact an undeclared number of employees.  The data breach involved a car, a laptop issued by the company, and an HR employee who was visiting retail locations.

Same Old, Same Old

The story of laptop computers being stolen from cars is an old one.  It doesn't matter if you store it in the passenger seat, beneath the seat, or in the trunk: you've got a "secret" place to store valuables in a vehicle, I've got a data breach story for it.

In this particular case, I'm not quite sure where the laptop computer was stolen from, but I think it's probably the trunk:

"we learned that a suitcase was stolen from a rental car that a human resources employee was using to visit Godiva’s retail stores that day. The suitcase contained the employee’s personal items and the laptop provided to the employee by Godiva…A password is required to log-in to the laptop, but the hard drive was not encrypted. The nature of the employee information on the laptop may vary with regard to the Company’s different employees, but it may have contained your name, address, and Social Security number. To date, the laptop has not been returned or found." [oag.ca.gov]

The computer was provided to the employee by the company.  A password was in place…but encryption software was not installed?  On a computer that contains HR data?  That will be taken out of the office (and hence company security perimeters)? In 2014?

I hope it was an oversight, but you really can't excuse such a thing in this day and age.  Especially for a company that brought in over $700 million in revenue in 2013.

A Twist on the Same Old, Same Old

This story is quite the hackneyed one.  However, there was an element to it that brought back memories of an article I read as a kid, and led me to wonder about the theft: what if the employee was targeted because he/she was an out-of-towner?

While I'm hazy on the details of the article (it's been decades), this was how criminals were targeting tourists visiting Florida – by identifying the car they were riding in.  Here's a digest from miamibeach411.com (my emphasis):

"Response after this eighth death [of a Miami tourist] in under a year was resounding. Headlines in the British tabloids read "Come to Sunny Florida and be Murdered for Absolutely Nothing," "Slaughter in the Sunshine" and "Plan Your Trip Like a Commando Raid." Governor Lawton Chiles issued an emergency executive order abandoning the Y-and-Z-beginning Florida tags for rentals and offering agencies a chance to trade them in for a vastly reduced fee. Sadly, fewer than 10% responded. Rental agencies were also instructed to remove all identifying marking from their rented vehicles so as not to tip off potential carjackers."

I don't know how the rest of the country deals with rental cars, but I've found that tagging rental cars as rentals, via the license plate, is not an uncommon practice across the world.  If this was true for the Godiva employee's case, then he or she was running an increased risk of a car theft… and so an increased risk of a data breach.

Which would make it a less hackneyed story but still egregious from a data security standpoint.  If you're carrying around human resources data, chances are that it's sensitive personal information.  There is no excuse for not having it protected.
 
Related Articles and Sites:
http://www.databreaches.net/how-sweet-it-isnt-godiva-notifies-employees-that-stolen-laptop-held-their-data/
http://www.miamibeach411.com/news/dead-german-tourist
 
About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.