The data includes “names, addresses, phone numbers, dates of birth, health card numbers and the names of primary physicians for 83,524 people who visited flu clinics for a seasonal or H1N1 shot between Oct. 23 – Dec. 15.”

And, of course, this is big news because, as usual, the USB device was not encrypted. Not by MyLaptopGPS FIPS-certified strong encryption for data at rest. Not by any other technology. Not at all. Kind of sounds like a Dr. Seuss book.

Unfortunately, now 80,000+ people get to wonder what’s happened to their health information. Thanks go to Redemtech for the tip.

(STILLWATER, Okla. – Oct. 27, 2009 – IDTheftSecurity.com) Laptop computer security firm MyLaptopGPS, featured in Inc. Magazine, TechRepublic and elsewhere, has introduced patent-pending laptop encryption to its already robust Internet-based laptop tracking product. MyLaptopGPS™, whose unmatched industry theft rate sees only 4 out of every 1,000 machines equipped with the technology going missing to thieves, now features encryption with the fastest speed available and algorithms that far surpass standard AES. MyLaptopGPS’ new FIPS Level 2–certified laptop encryption provides Remote Decryption Kill (RDK), as well, locking data out of thieves’ reach even in the unlikely event that the encryption key becomes available to them.

“Purchasing a capable laptop theft protection technology is easily one of the smartest moves any organization can make,” said Robert Siciliano, CEO of identity theft protection firm IDTheftSecurity.com. “The alternative to paying less than ten dollars per month to protect a machine is to play chicken with costs reaching into the hundreds of thousands, even the millions—the typical aftermath for any organization struck by a highly publicized data theft. MyLaptopGPS far surpasses its competition in not only protecting mobile computing devices from thieves once they’ve gotten a hold of a machine with valuable data on it, but also in deterring those thieves from even bothering to steal the machine in the first place.”

With clients in 18 countries across six continents, MyLaptopGPS, a Tri-8, Inc. company, is a leader in laptop computer security and mobile data privacy. Thanks to a proven multilayered security approach featuring strong encryption, covert laptop tracking, remote data recovery and deletion, and theft prevention, MyLaptopGPS boasts a 99.6 percent success rate in the battle against laptop theft.

MyLaptopGPS Encryption features the following:

• Remote Decryption Kill (RDK)—even a thief who has the decryption key cannot decrypt the data on a MyLaptopGPS-equipped machine
• Fastest encryption available today (patent pending)
• NIST FIPS Level 2 certification
• Non-expanding encrypted data footprint (patent pending)—whether they be entire disks or individual files and folders, the addition of MyLaptopGPS will not increase their size
• Flexible encryption model: disk, file, folder, file type, etc.—the technology adapts to protect entire disks or individual files
• Administrative recovery of lost keys
• Automatic re-encryption
• Hardware-specific encryption: data cannot be decrypted on any other hardware (optional)

“We are aware of no other solution that offers the level of protection now available with MyLaptopGPS,” said Dan Yost, chief technology officer of MyLaptopGPS. Yost, a recognized expert in laptop security and security best practices, provides guidance to corporations, small businesses, academic organizations, and other groups. He invited readers to follow MyLaptopGPS’ laptop computer security blog and laptop computer security posts on Twitter. Anyone who belongs to LinkedIn® is encouraged to join MyLaptopGPS’ laptop computer security group there.

“The addition of technology that enables users to actually shut off the keys to new, industry-leading encryption capabilities is truly game-changing,” Yost continued. “When your technology already stops laptop theft nearly one hundred percent of the time—the best success rate in the business—you know you’re doing something right. But we just couldn’t stop there, and now, the impossibly small percentage of MyLaptopGPS customers who do see their laptops go missing to thieves have at their disposal even more tools for damage control.”

Even without encryption, only 4 out of every 1,000 laptop computers equipped with MyLaptopGPS ever go missing to thieves, a theft rate unmatched in the industry; the company’s technology for laptop theft prevention, in fact, is itself a deterrent. Machines equipped with MyLaptopGPS laptop tracking technology that do end up in thieves’ possession have long enabled their rightful owners to remotely track their property and covertly delete and recover data from it, all unbeknownst to the criminal.

Additionally, MyLaptopGPS includes SafeRegistry™, a comprehensive system for inventorying entire fleets of mobile computers. Bolstering SafeRegistry is a full line of SafeTags™, police-traceable property tags designed to secure not only laptop computers, but also iPods™, iPhones™, cell phones, BlackBerry™ devices and other mobile property. Notably, SafeTags are applied with 3M 300LSE pressure-sensitive adhesive, the functional equivalent of welding for Low Surface Energy plastics.

###

About MyLaptopGPS

Celebrating 25 years in business, Tri-8, Inc. (DBA MyLaptopGPS.com) has specialized in complete system integration since its founding in 1984. From real-time electronic payment processing software to renowned mid-market ERP implementations, the executive team at MyLaptopGPS has been serving leading enterprises and implementing world-class data systems that simply work. With MyLaptopGPS™, Tri-8, Inc. brings a level of expertise, dedication, knowledge and service that is unmatched. MyLaptopGPS™’s rock-solid performance, security, and reliability flow directly from the company’s commitment to top-notch software products and services.

About IDTheftSecurity.com

Identity theft affects everyone. CEO of IDTheftSecurity.com, Robert Siciliano is a member of the Bank Fraud & IT Security Report’s editorial board and of the consumer advisory board for McAfee. Additionally, in a partnership to help raise awareness about the growing threat of identity theft and provide tips for consumers to protect themselves, he is nationwide spokesperson for uni-ball in 2009 (uniball-na.com provides for more information). A leader of personal safety and security seminars nationwide, Siciliano has been featured on “The Today Show,” “CBS Early Show,” CNN, MSNBC, CNBC, FOX News, “The Suze Orman Show,” “The Montel Williams Show,” “Tyra” and “Inside Edition.” Numerous magazines, print news outlets and wire services have turned to him, as well, for expert commentary on personal security and identity theft. These include Forbes, USA Today, Entrepreneur, Good Housekeeping, The New York Times, Los Angeles Times, Washington Times, The Washington Post, Chicago Tribune, United Press International, Reuters and others. For more information, visit Siciliano’s Web site (idtheftsecurity.com), blog (realtysecurity.com/blog), and YouTube page (youtube.com/stungundotcom).

The media are encouraged to get in touch with any of the following individuals:

John Dunivan
MyLaptopGPS Media Relations
PHONE: 405-334-4302
FAX 405-533-1136
info AT MyLaptopGPS DOT com

Robert Siciliano, Identity Theft Protection Expert
CEO of IDTheftSecurity.com
PHONE: 888-SICILIANO (742-4542)
FAX: 877-2-FAX-NOW (232-9669)
Robert AT IDTheftSecurity DOT com

Brent Skinner
President & CEO of STETrevisions
PHONE: 617-875-4859
FAX: 866-663-6557
BrentSkinner AT STETrevisions DOT com

But I’d be remiss not to issue a tip that puts my money where my mouth is. Or, that is, why not follow my own advice?

Laptop tracking, remote data destruction, covert data recovery, and a 99.6% security success rate are all excellent security layers. We’ve always said so, and have always used them. But now, it’s time to up the ante in a big way by bundling on-disk strong encryption–another extremely important layer we’ve always highly recommended.

A thief who has your laptop should have no access to your data, ever. Good on-disk encryption such as MyLaptopGPS Encryption guarantees that, and then, as always, the other layers back it up. Remember, there’s no silver bullet in the security world.

Another nice thing about a bundle of highly effective layers such as these is that additional features can surface as a result. For example, with MyLaptopGPS Remote Decryption Kill, even a thief who has your encryption key (you didn’t write it on a post-it note in your laptop bag, did you?) cannot decrypt your data.

A solid laptop data security strategy always relies on many layers. Encryption must be a primary one.

Encryption is a must when it comes to effective mobile data security. Key factors to keep in mind include:

1. Use a strong key (password, that is, pass PHRASE). Do not use “hello” or “password” as your password. Mix upper case, lower case, and numerical characters in. Also use symbols. A phrase is best: “Dan like$ to bloG each WEEK” is an example pass phrase.
2. Keep the key in a safe place. Your memory is a good spot (in your head). Don’t just write the password on paper and tape it to the machine. Think I’m kidding? People actually do this.
3. Use at least 128-bit encryption with a solid algorithm. Commercial-grade encryption software will provide this.
4. Be sure automatic encryption is in place. That is, don’t assume files are encrypted. Either do Full Disk Encryption (FDE) or use the encryption software utilities to verify what files/folders are being encrypted–and that they are re-encrypted after being decrypted for use, after a reboot, etc.

And, like all else, even encryption is not a silver bullet. This must be kept in mind. Poorly managed keys, sloppy/incomplete implementation, or undue obtrusiveness to users (causing them to try to circumvent) are primary ways that encryption is crippled. Use it, and use it correctly!

All of the information, which originally was stored on a password protected military database, was transferred earlier this year to an airman’s personal laptop to make working from home a bit more convenient.

Unfortunately, this convenience was costly. As reported Saturday in Stars and Stripes, British authorities are still looking for the stolen computer containing this personal information.

The post office employee to whom the laptop belongs reported the theft. The laptop was stolen directly from his residence, in nearby Brandon, in early January.

The article relates that, “The Air Force is not participating in the investigation but posted several notices at the mail center urging people to follow Federal Trade Commission guidelines for identification theft, which include placing a fraud alert on credit information. A mass e-mail with the same notification and advice also was circulated around the base.”

The notice stated that the probability that the information even be accessed is pretty low. There was a disclaimer, however, that they could not guarantee that foul play would not occur.

Air Force officials assured the military that the information was protected not only by a password, but also by a complex encryption system.

Mildenhall officials have not reported any cases of identity theft related to the stolen laptop. However, in the past year, there has been a surge in identity theft among military members stationed in England. According to the article, “150 cases totaling $70,000 were reported in July alone.”

While Mildenhall-based military may have a decreased risk of identity theft, it should still be noted that an overwhelming amount of identity theft cases can be traced back to laptop theft and general oversight of laptop security.

Should you also be concerned about the safety of your laptop, I urge you to look into MyLaptopGPS. It can save you a lot of time and money, return your laptop to you, retrieve sensitive information from the stolen laptop, and even delete that information from the laptop remotely after it has been returned to its rightful owner–you.

Just give it some thought. Because if you thought military security was strong, imagine where that puts your personal computer.

The article states that the devices held “private information about almost half of serving armed forces personnel – including bank and driving licence details, passport numbers, addresses, dates of birth and telephone numbers.”

The devices contained the details of around 100,000 serving personnel across the Army, Royal Navy and RAF, plus those of their family members.

Despite a security crackdown in June of 2008, a Ministry of Defence spokesperson now declared that technological security is a “top priority.” He added, “We have already encrypted 20,000 laptops that were not previously protected to the level required by current MoD and government policy.”

Though now over 20,000 laptops are well-protected, the fact remains that 217 laptops have already been lost or stolen, with untold amounts of valuable information contained on them.

It would be wise for the Ministry of Defence to employ a laptop tracking system such as MyLaptopGPS to protect from future theft.

The first, Abertawe Bro Morgannwg University trust, reported a laptop containing unencrypted health records and patient data stolen from its office building in South Wales.

Tees, Esk and Wear Valleys Foundation trust also reported stolen data, this time on a memory stick. The stick was unencrypted and contained information on both patients and staff.

First, it is important to encrypt all sensitive data. However, in cases such as these, it is also important to have a backup plan, like that provided by MyLaptopGPS.

PricewaterhouseCoopers released its sixth annual Global State of Information Security Survey 2008, announcing that businesses nationwide have implemented double-digit advances in new security technologies, but the focus of most businesses is on the technology itself rather than its security value.

PWC also said that more than half of surveyed businesses indicated that they do not have an accurate inventory of where personal data for employees and customers is even collected, much less transmitted or stored. About 51% of financial services respondents said that they do not require third party service providers to comply with company privacy policies.

Furthermore, most companies are interested primarily on protecting customer data — which is all well and good, if you have little to no concern for your employees. The survey indicates, “When security breaches occurred, financial services respondents indicated that employee records were just as likely as customer records to be affected.” Also, only 59% of firms indicated that they require data encryption on databases, file shares, and backup tapes. On top of that, 33% of companies do not use laptop encryption.

What this means for all you business owners out there is that your business is not as safe as it could potentially be, and not only your data is at risk: your employees are also at high risk.

Certainly, steps need to be taken to ensure employee information is stored properly, and that data is well-encrypted. Importantly, though, is that in an increasingly “mobile” workforce, laptops need to be protected. A simple encryption is the difference between secure data storage and the complete destruction of a company from the bottom up.

Think about it. Encrypt those laptops. And if you’re not about to go all out and have the tech people in your building encrypt everything, at least be equipped with technology like MyLaptopGPS data retrieval and laptop recovery. It’s the least you can do to protect your company, and your employees, from harm.

According to Ben Worthen’s article in the Wall Street Journal, Nevada is the first state (Michigan, Massachusetts and Washington plan to follow suit) to adopt laws that will force businesses “to revamp the way they protect customer data.” The law requires all businesses to encrypt personally identifiable customer data that are transmitted electronically.

However, this law does not just affect Nevada businesses. It spiderwebs out to all out-of-state companies with operations or customers in the state. National Life Group, based in Montpelier, Vermont, is one of thousands of companies that are scrutinizing the new law. Information Security Officer Andrew Spiers told WSJ, “We do business in all 50 states so we’re definitely reviewing [the new security laws].”

Though some companies are frowning upon this addition — which is going to be quite costly (especially in the country’s current financial crisis) –others are nodding to the money that this new law will save them in legal fees. The law dictates that all companies with the encryption in use are only liable for up to $1,000 in damages to each customer involved in a data breach. Without encryption, companies are liable for any potential lawsuits, including the added charge of negligence since they failed to cooperate with the newly passed law. In the long run, having the new data encryption can save billions of dollars in legal fees, though up front it will be slightly costly.

The Massachusetts state government estimates that a business with 10 employees will need to spend up to $3,000 starting out, and another $500 a month to comply with the encryption law. Larger companies assess costs to be the same per employee.

While they’re still on the data security subject, it would be wise to add a service like the laptop tracking provided by MyLaptopGPS — because despite encryption policies, laptops will inevitably be stolen. It’s better to have the encrypted data back in the right hands than floating around cyberspace somewhere with no way to recover it.

So, Nevada… think about that little addition.

Not the United States’ foreign policy… but the “foreign” policy of the friendly Brits across the pond.

This past Sunday, a laptop computer was reported stolen from a home in Greater Manchester. The article by the Telegraph tells that the home is currently rented by MI5 security services. Though the article reassures, “Police said the files were encrypted — making them impossible for anyone to access,” it’s nonetheless easy to worry about the machine falling into the wrong hands: the MI5 laptop contained anti-terror files, after all. Even the remote chance of nefarious folks gaining access to these files summons the specter of irreparable damage befalling any anti-terror knowledge the UK has already gained.

Thankfully, police believe this act was an “opportunist theft” and that the house and laptop were “not targeted.”

To their detriment, the Ministry of Defence recently admitted that 658 laptops have been stolen over the past four years. Most recently, however, an MI6 agent sold a digital camera on eBay that contained not only images of potential terror suspects, but their names, fingerprints, and, furthermore, images of rocket launchers and missiles.

It seems the UK needs to tighten up security measures in its government. Even with simple registration on the MyLaptopGPS website, all of this sensitive information could be recovered.