The restricted information was not encrypted, and government officials
admitted breaching data security rules when sending Blears the files.

Peter Housden, chief civil servant from the department of Communities
and Local Government, said that the computer was password protected
and emphasised that “no damage had been done” because the documents
were not classified.

However, he admitted, “It is clear that papers have been sent to Hazel
Blears in a way that is not fully consistent with the departmental
guidance.”

The incident is the latest in a series of high-profile data security
lapses, culminating in last year’s loss of details pertaining to 25
million child welfare benefit claimants by HMRC.

Other incidents include an MI6 officer leaving a laptop in a taxi
after a night out, and the loss of a military laptop with data on
600,000 recruits.

Last week, secret government documents on al-Qaeda were also found
left on a Waterloo train, and handed to The Independent newspaper.

McAfee security analyst Greg Day observed that while the explosion in
mobile devices and “nomadic working” was improving productivity,
“everyone needs a greater awareness of the data risks involved”.

“While it is impossible to eliminate the risk of laptops and other
devices being stolen, security tools, such as encryption, can
eliminate the risks associated with data leakage,” he said.

Various laptop suppliers and security service providers are developing
innovative ways of increasing laptop security, from GPS tracking and
automatic triggering of the stolen device’s webcam to an inbuilt
wireless modem that can remotely destroy a hard-drive, even if the
laptop is turned off.

News of the theft of Blears’s laptop coincided with the second day of
IA08, the government’s “information assurance” event that took place
in London.

Source: http://www.information-age.com/home/information-age-today/442761/haze...

By Martin H. Bosworth
ConsumerAffairs.Com

June 9, 2008

A laptop containing personal information on AT&T employees and
management was stolen from an employee's vehicle last month, the
company said.
The laptop, which had no encryption or security protection beyond a
password lock, contained names, Social Security numbers, and salary
information for an undisclosed number of workers.
Employees were notified of the theft on May 22, seven days after the
theft, according to privacy watchdog PogoWasRight.org, which first
reported the story. In a letter to employees, AT&T said that, "The
measures and precautions we put in place to protect the security of
company-owned property and our employees' personal information were
not followed."
AT&T said that the responsible employee "has been disciplined."
"We believe that this was a random property crime and we have no
reason to believe this personal information has been compromised," the
company said. AT&T offered free credit monitoring from Equifax and has
set up a toll-free number for employees to inquire if they were
affected.
Disgruntled
AT&T employees were disgruntled at the thought of their personal
information being at risk due to lack of basic computer security
procedures. "It is pathetic that the largest telecom company in the
world -- with more than 100 million customers -- doesn't encrypt basic
personal information," one manager told NetworkWorld.Com.
Institutions from Boeing to Kaiser Permanente have suffered
embarrassing data breaches when laptops belonging to the companies
were stolen, all with valuable personal information such as names,
Social Security numbers, payroll records, and addresses on them.
The granddaddy of all laptop-based data breaches was the theft of a
laptop containing records on 26 million veterans from the home of an
analyst for the Veterans' Administration in May 2006. The laptop was
eventually recovered, and Maryland police charged two teenagers and an
underage accomplice with the crime. The FBI claimed that the data on
the laptop had not been accessed or misused.
Laptop theft or loss is one of the most common sources of data
breaches, due to the continued practice of employees taking personal
information away from the office, and companies not practicing
comprehensive security solutions, such as encryption of the laptop
hard disk or utilizing a virtual private network (VPN) to access
information in other locations.
In addition to using whole disk encryption, a host of businesses now
offer remote tracking and file deletion for stolen laptops, but only
if they access the Internet. The best way to ensure personal,
corporate, or government data is not exposed to theft is to not keep
it on a mobile device, or to use full-disk encryption if there is no
other option.

Source: http://www.consumeraffairs.com/news04/2008/06/att_laptop.html

On Jul 3, 7:23 am, incognitus0...@gmail.com wrote: