MyLaptopGPS » data breaches

It’s Been a Bad Year of Data Breaches

Dan Yost — Wed, 30 Dec 2009 18:12:49 +0000

As the year draws to a close, it’s handy to take a look back at a year’s worth of trouble. As expected, the headlines just kept flowing, with lost devices leading the charge. The steady flow of data into the wrong hands seemed to pick up momentum this year, as always.

For a recap of this year’s MyLaptopGPS Rip of the Week column, view that index here.

Additionally, Redemtech has posted an excellent chronology of this year’s data breaches–highly worth a look.

While I can’t say it’s “been a good year” where data security is concerned, I can say that it seems that more and more organizations are waking up. Usually they wake up only by “force,” reacting to a big breach, but they’re awakening nonetheless.

Here’s hoping 2010 is safer than 2009.

More Coverage of MyLaptopGPS / Dan Yost for Oklahoma Data Breaches

Dan Yost — Thu, 07 May 2009 23:20:10 +0000

Here’s a brief index of media coverage regarding Wednesday’s press conference at the Oklahoma State Capitol, with Rep. Jason Nelson and Rep. Jason Murphey, and myself. Also, some related recent posts and prior coverage including MyLaptopGPS.

The Oklahoman

The Oklahoman (video, also below)

The Oklahoman (followup)

KOCO Channel 5 Project Economy

KOCO Channel 5 Project Economy (video, also below)

KOTV News on 6

KOTV News on 6 (video, also below)

Edmond Sun

KOCO Channel 5

KOCO Channel 5 (video, also below)

KFOR Channel 4

Tulsa World (my letter)

Tulsa Beacon

The Oklahoman (blog)

[See post to watch Flash video] [See post to watch Flash video] [See post to watch Flash video] [See post to watch Flash video]

Suffice it to say that, indeed, Oklahomans are not very happy, judging by the comments I’ve read and the reports circulating.

1,225,000 people breached–that’s about 1/3 of the State of Oklahoma, and it’s a lot of people to upset.

Stricter rules in Connecticut result in zero ID theft

MyLaptopGPS Blog Staff — Sun, 21 Dec 2008 03:22:54 +0000

According to an article in the Connecticut Post, there has not been a single case of identity theft linked to the August laptop theft from a state employee’s vehicle.

The laptop contained the names and Social Security numbers of more than 106,000 Connecticut residents, including many high profile state officials. After the theft, weeks of public incrimination and finger-pointing brought the crime into the public eye.

Public officials reassure that the information stored on the laptop has not been used, however they can’t promise that the computer still exists or that the information remains on the hard drive.

What sparks my interest is that a laptop under such public scrutiny would very likely fly under the radar for a long time. After all, if you think like a thief, and you’re wanting to use this information for identity theft, AND it’s likely that everyone affected by the theft has an at least temporary freeze on their credit, you’re not going to want to jump the gun too soon.

There’s a chance that the laptop was disassembled and sold for parts. But there’s an equally likely chance that the laptop is somewhere in the data cobwebs, lying in wait until the information can be used to its full potential.

Seriously, though. If we weren’t so busy pointing fingers, someone might have stumbled upon MyLaptopGPS. And then we wouldn’t be mumbling and grumbling 15 months after some obscure laptop theft, because the information could have been recovered immediately.

Data breaches: High percentage attributable to lost laptops, just like we’ve been saying

MyLaptopGPS Blog Staff — Mon, 27 Oct 2008 20:11:54 +0000

Forty-five percent of data breaches in Australia are attributable to lost laptop computers, reveals this report of Symantec Australia’s Data Loss Prevention Survey. As if that weren’t bad enough, nearly 80 percent of 156 major Australian organizations experienced some form of data breach during the five years immediately preceding Symantec’s survey of them. Additionally, just shy of 40 percent experienced between six and 20 known data breaches during the same time period — and the costs associated with these breaches have been, in many cases, astronomical.

The numbers are, of course, staggering. What’s more, customer records went missing at the highest rate (55 percent), followed by intellectual property (43 percent), credit card details (21 percent) and financial information (20 percent).

And, again, this is just in Australia. What’s the story elsewhere? Well, as far as security is concerned, it’s not that good.

According to a study from the Verizon Business RISK Team of 500 security breaches that occurred between 2004 and 2007, most organizations seem to lack the capacity even to know when a breach has occurred, even though most breaches are seen as easily achievable: Sixty-six percent of breaches, for instance, affect data that the organization does “not know was on the system,” three-quarters of breaches are “not discovered,” and a commanding 83 percent of breaches are “not highly difficult” to conduct.

And, amid the confusion and, frankly, bumbling practices, the number of breaches continues to mount, last month already surpassing last year’s total. Between Jan. 1 and Sept. 30 of this year, the total number of data breaches was 516, according to an ongoing tally by The Identity Theft Resource CenterÂ® (ITRC) announced on Oct. 6. The ITRC’s total for 2007 was 446 breaches, which suggested that the final number for 2008 would dwarf last year’s.

So, we have a picture: rampant data breaches; ineffective, nonexistent, or just plain clueless security practices; and laptop computers playing a key role. But security measures for mobile computing equipment don’t have to be difficult or too expensive to implement; they can be as simple and effective as laptop tracking from MyLaptopGPS.