Playing Hide and Seek with Private Records

September 29th, 2008 by Agent Smith (1) In The Spotlight,security breach

Hide and SeekThe security breach case we’re about to talk about is both troubling and funny. Missing data found after a few days after the disclosure of the breach, or, in other words, playing hide and seek with personal records is what’s been happening at the Tennessee State University.

After spreading the news that a flash drive containing the financial information and Social Security numbers of more than 9,000 students, TSU thoroughly proceeded to notify their students of the security breach. They also backed their announcement with credit protection for those affected.

TSU has a policy about keeping Social Security numbers in protected files, yet the reality was that the missing flash drive wasn’t believed to be encrypted or password-protected. Pretty standard case up to now, as hardware is lost and leads to significant data loss, security policies are not complied with, etc.

But! Yes, there’s a “but”, a few days after the announcement, a student turned the flash drive in and TSU released the good news. No one really knows why the student had the drive or how he got it; let’s hope the internal audit will clear this mystery.

The fact that security policies are not really complied with no longer surprises any of us. But finding out that any student can get their hands on private records that easily is a bit troubling. And the position of TSU is a bit weird as well: ooouups, we’ve lost some pretty important data on our students! Oh, no, our bad, one of our students had it because we have protocol and policies just to show off!

Photo credit

Stolen Flash Drive with Personal Info on 2,600 Delphi Workers

August 12th, 2008 by Agent Smith (0) Data Theft & Loss,Identity Theft,In the News,endpoint security,security breach

A flash drive containing private information on 2,600 former Dayton-area Delphi workers has recently been stolen from an unattended laptop of a Job and Family Services department employee. The information stored on said drive included names, addresses, social security numbers and telephone numbers of the workers.

Helen Jones-Kelley, director of the Job and Family Services department, quoted by the Dayton Daily News, said leaving the laptop unattended during lunch hour was a violation of department policy and the responsible employee could be taken disciplinary actions against, including termination.

In what those affected are concerned, the same department representative said they have sent letters to all those involved.

© Endpoint Security Info 2010. Wordpress Theme by Arcsin

blogarama - the blog directory Technology Blogs - BlogCatalog Blog Directory Blog Directory Find Blogs in the Blog Directory
valid CSS valid XHTML