in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Laptop Disk Encryption: Pioneer Bank Alerts Customers Of Laptop Theft

The following data breach harkens back to the days of old when hackers from China, Russia, North Korea, or whatever country you can think of, were not involved in a data breach.  I wish I could say it's a breath of fresh air but, honestly, I'd prefer that such data breaches don't take place.

According to cbs6albany.com and other sources, Pioneer Bank has started contacting clients about an employee laptop's theft and resulting data breach.  Was the laptop protected with the likes of AlertBoot's cloud managed disk encryption that was designed for instances exactly like this one?

It seems dubious…but the bank's notification letter notes that "secured personal information" (my emphasis) was on the laptop, and Albany is in New York (where breach notification laws do not extend safe harbor to encrypted data), so who's to say?

Vehicle Break-In

Love and marriage.  Horse and carriage.  Peanut butter and jelly.  And now, cars and laptop thefts.  These are all things that, apparently, go together.  In the past ten years that I've researched data breach instances, none has been more prevalent in headlines than a variation of "the laptop was stolen from a car."  Small details change here and there (car was parked in front of the house, outside a conference venue, at a hotel; the door was locked, it was unlocked; the laptop was in the trunk, in the front seat, in the back seat, beneath the seat, etc.) but it's essentially the same story over and over.

The result of the latest mishap is not quantifiable by the public since Pioneer Bank is not releasing the numbers.  However, they did let the media know that "secured personal information of certain customers, including names, social security numbers, street addresses, and account and debit card numbers." (timesunion.com)

Secured?

The word "secured" in the above is ambiguous: does it mean that proper encryption software was used to secure the data?  Or is it a reference to the use of password protection, which is worth less as a security tool than the name implies?

Accusations that one is trying to read more into it than there is fall flat when one considers that the bank took one month to get in touch with clients: it means the bank's lawyers had about one month to craft the message, and you can bet that the word "secure" was chosen for a reason.  If encryption had been used to protect the data, the word encryption would have been used in the notification: the media and its consumers are now pretty savvy when it comes to data breaches, and the loss or theft of encrypted data tends to dampen any indignation.

And assuaging anger is actually worth it: if you visit this Facebook page, you'll see that there's already a number of people who are extremely displeased by how the breach notification and other things were handled.


Related Articles and Sites:
http://www.cbs6albany.com/news/features/top-story/stories/the-real-deal-pioneer-bank-laptop-stolen-23601.shtml
http://www.databreaches.net/ny-stolen-pioneer-bank-laptop-contained-some-customers-data/
http://blog.timesunion.com/business/stolen-pioneer-bank-laptop-contained-some-customers-data/64014/

 
<Previous Next>

Cost of a Data Breach: Target Says 2013 Breach Cost $252 Million So Far

Data Encryption: Can Moral Hazard Account For Low Levels Of Corporate Data Security?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.