MyLaptopGPS

Forty-five percent of data breaches in Australia are attributable to lost laptop computers, reveals this report of Symantec Australia’s Data Loss Prevention Survey. As if that weren’t bad enough, nearly 80 percent of 156 major Australian organizations experienced some form of data breach during the five years immediately preceding Symantec’s survey of them. Additionally, just shy of 40 percent experienced between six and 20 known data breaches during the same time period — and the costs associated with these breaches have been, in many cases, astronomical.

The numbers are, of course, staggering. What’s more, customer records went missing at the highest rate (55 percent), followed by intellectual property (43 percent), credit card details (21 percent) and financial information (20 percent).

And, again, this is just in Australia. What’s the story elsewhere? Well, as far as security is concerned, it’s not that good.

According to a study from the Verizon Business RISK Team of 500 security breaches that occurred between 2004 and 2007, most organizations seem to lack the capacity even to know when a breach has occurred, even though most breaches are seen as easily achievable: Sixty-six percent of breaches, for instance, affect data that the organization does “not know was on the system,” three-quarters of breaches are “not discovered,” and a commanding 83 percent of breaches are “not highly difficult” to conduct.

And, amid the confusion and, frankly, bumbling practices, the number of breaches continues to mount, last month already surpassing last year’s total. Between Jan. 1 and Sept. 30 of this year, the total number of data breaches was 516, according to an ongoing tally by The Identity Theft Resource Center® (ITRC) announced on Oct. 6. The ITRC’s total for 2007 was 446 breaches, which suggested that the final number for 2008 would dwarf last year’s.

So, we have a picture: rampant data breaches; ineffective, nonexistent, or just plain clueless security practices; and laptop computers playing a key role. But security measures for mobile computing equipment don’t have to be difficult or too expensive to implement; they can be as simple and effective as laptop tracking from MyLaptopGPS.

Suppose you’re one of hundreds of thousands of pensioners from various companies and your data has gone missing, along with a company’s laptop, to thieves. You’d want to know about it, right? Well, you might be at the mercy of that company’s apparently lax internal policies for reporting the theft of mobile computing equipment.

In September, a laptop computer belonging to the UK offices of Deloitte went missing to thieves. On it were data records for approximately 100,000 pensionsers, reports SecurityPortal.com — or as many as 150,000, depending on where you read about it. And yet, SecurityPortal.com notes, the employee allegedly responsible for losing the machine waited until mid-October to inform the company of the incident.

That seems like a long time. Anyway, what are the implications of the theft?

A Deloitte spokesperson, quoted in ITPRO, has reassured those affected that information, protected by “a start up password, operating system user ID/password authentication, and encryption,” should remain safe and out of thieves’ hands.

And Deloitte is probably right about that. Even so, the lag of time separating the event from the employee’s reporting of it to superiors within the company is worrisome. Furthermore, the threat of lawsuits, or even the responsibility of having to inform all those affected, could cost any company in such a situation dearly.

It’s too bad, really, that more company laptops aren’t equipped with an inexpensive laptop tracking service. If they were, they’d enjoy a miniscule 0.4 percent rate of theft — much, much lower than the average: 12.5 percent.

Somewhere, thieves may already be drunk on the confidential information identifying close to 200,000 current and former employers of domestic brewer Anheuser-Busch Companies Inc. That’s because two laptops belonging to the firm went missing to thieves in June, according to The Associated Press. As typically seems to be the case with such thefts, “the company does not believe any fraudulent credit transactions or cases of identity theft have resulted from the laptop thefts,” reports the AP.

The question is, how can any company that has lost computers containing hundreds of thousands of employees’ Social Security numbers, addresses, dates of birth and more possibly believe the information isn’t somehow at risk? Any company that has lost computers to thieves ought to assume this to be the case.

Why?

It is nearly a certainty that valuable information, encrypted or not, in the hands of criminals is going to leave those it identifies at the mercy of identity thieves. In fact, this information’s availability is likely the very reason for the scope and magnitude of laptop theft. Once that information is gone, the pain really begins, as A-B has probably learned in marshaling the effort to notify potential victims, who reside in states across the nation.

The alternative, of course, is simple. You’re here at MyLaptopGPS right now. Just take a look around our site and learn how you could be saving yourself a lot of grief — not to mention money — by making the pennies-on-the-dollars investment in laptop tracking technology. Spare yourself the headache of becoming the next company that’s hemorrhaged many thousands of employees’ unique data records.

Say you work for a large company–seems like a safe bet, right? You often have job security, generous benefits, and many other perks. You’d think that security would extend to your Social Security number and other data, which the company has by virtue of you being its employee. But that security isn’t always a given; in fact, it seldom is if the news is any indication. This, at least, is what workers for a large cable provider based in St. Louis, Mo., have learned.

On Aug. 13, The Associated Press reported on the theft of 12 laptops–yes, 12 of them–from Charter Communications Inc.’s offices. During the week prior to the AP report, just about 9,000 former and current employees received notification from the firm that their Social Security numbers, associated names and birth dates were on the stolen machines. Even so, Charter Communications has “no reason to believe that the information has been or will be used improperly,” according to a company spokesperson quoted in the news report.

But they most surely do.

Any time a laptop computer with thousands of people’s Social Security numbers matched to other identifying information goes missing to thieves, the assumption should be that each and every one of those individuals is at risk of all kinds of fraud at the hands of identity thieves.

After all, most laptop thieves aren’t stealing the machines just for the hardware. In fact, the hardware is typically of little use to them. Sure, stolen laptops refurbished for the black market can fetch “good coin,” but an identity thief steals a laptop computer from a business because he understands that most firms exercise poor control over the kind of information stored on these machines. The thief knows that he’ll eventually hit the mother lode: a spreadsheet with thousands of employees’ names, Social Security numbers, birth dates, and maybe more — the raw ingredients for identity theft.

We’ve reported on the prevalence of laptop theft in many ways. The crime is rampant, frequently places consumers’ valuable data records in harm’s way, and costs billions. And now we can top off all this with the fact that many organizations seem to take forever to notify those whose data records are on stolen machines that their identities just might be in danger.

Take the recent news from across the pond.

This week, The Irish Times and others are reporting that the country’s Department of Social and Family Affairs lost a laptop computer to theft–a year ago. Furthermore, the agency is apparently just now contacting the social welfare recipients whose personal details were stored on the computer–all 380,000 of them, including about 100,000 whose bank account information was mixed in with the records on the machine.

Is it any wonder that consumers “are dissatisfied with the notification process used by companies following a data breach affecting their personal information,” according to a news release covering recent research from the Ponemon Institute on 1,795 U.S. consumers? The Consumer’s Report Card on Data Breach Notification reveals that more than 55 percent of respondents to the Ponemon survey report receiving notification of a data breach more than one month after the incident. Additionally, 50 percent of respondents rate the timeliness, clarity and quality of these notifications as only fair or poor.

While Ponemon’s research doesn’t specifically explore cases in which victims have waited as long as a year after an event occurs before even learning that the theft indeed happened (and that the incident left their information in peril for all that time), consumers on both sides of the Atlantic probably don’t like the idea. Needless to say, a viable laptop tracking and data recovery solution would have gone a long way in helping Ireland’s social welfare agency to retrieve its own laptop–and, more importantly, other people’s data that just so happened to be on the organization’s mobile computing device.