The InfoSec Blog
1Jan/07

2006: The Year of the laptop … stolen that is

When did you last secure your laptop?

The last year seems to have been a bumper one for stolen laptops, especially ones stolen from high profile companies and which contian plenty of personal information.

Many of the companies concerned seem to think that having passowrd proetction is adequate. Others think that because the laptop was stolen "for the hardware" and not for the information on it, all is OK. A couple think that firing the person who was using the laptop makes everythng OK.

"If thieves read the newspaper, they can readily figure out that they have got more than just a piece of hardware."

Well, I don't think so.

Will things change?

At the very least, the publicity has made it clear to theives that tTell me about when you saved the company a million dollars. Or when you successfully managed the million dollar project to deployment, on schedule and on budget. The infomation on the laptop is more valuable than the hardware. This year, 2007, any thief with any sense will sell the data and throw away the laptop. Perhaps on a rubish tip - oh, I see one did that 🙂

Here is a summary of some news articles from 2006

  • Missing: A Laptop of DEA Informants

    http://www.msnbc.msn.com/id/5092991/site/newsweek/

    By Michael Isikoff
    Newsweek
    June 7 2004 issue

    Federal investigators are frantically trying to determine what happened to a missing laptop computer that contains sensitive data on as many as 100 Drug Enforcement Administration investigations around the country, including a wealth of information about many of the agency's confidential informants, NEWSWEEK has learned. The computer was first reported stolen three weeks ago by an auditor for the Justice Department's Office of Inspector General, which was conducting a routine review of DEA payments to informants. The auditor told police the laptop had been stolen from the trunk of his car while he was at a bookstore coffee shop in suburban Washington. But when investigators confronted the auditor last week and questioned his account, the auditor changed his story, saying he had accidentally damaged the computer - then destroyed it and threw it away in a Dumpster to avoid embarrassment. Investigators are seeking to verify his new account.

  • UCLA laptop theft exposes ID info

    http://zdnet.com.com/2100-1105-5230662.html

    By David Becker
    CNET News.com June 10, 2004

    Representatives of the University of California, Los Angeles, are warning 145,000 blood donors they could be at risk for identity theft due to a stolen university laptop. Thieves broke into a locked van last November and grabbed a laptop with a database that includes names, birth dates and Social Security numbers for all blood donors, according to a university statement. The database did not include medical informati on other than blood type, according to the statement, and university officials did not recognize the significance of the loss and the potential for identity theft until the matter came up in a security audit last month.

  • Police: Thief was unaware of laptop's secret data

    http://www.haaretz.com/hasen/spages/443144.html

    By Roni Singer and Tsahar Rotem
    June 25, 2004

    The thief who stole a laptop containing sensitive information on undercover police agents was apparently unaware of its contents, so the information probably remains uncompromised, police sources said yesterday. The laptop was stolen overnight Tuesday from the Herzliya residence of a police psychologist working for the intelligence department. The thieves also took the officer's car, which bore police license plates, and various other items. The laptop was recovered in the West Bank city of TulKarm less than 24 hours later.

  • Laptops at the FleetCenter at risk of breaches, attack

    http://www.boston.com/business/technology/articles/2004/07/22/laptops_at_the_fleetcenter_at_risk_of_breaches_attack/

    By Hiawatha Bray
    Globe Staff July 22, 2004

    The Democratic National Convention will attract thousands of visitors armed with laptop computers that feature wireless Internet access. And that could be a formula for disaster, according to a Boston data security firm that recently ran a vulnerability test in the area around the FleetCenter. Michael Maggio, the president of Newbury Networks Inc., said that unless proper precautions are taken, computer vandals will be able to tap into these laptops by using wireless transmitters located outside of the FleetCenter. The attackers could then use the compromised laptops to gain access to the computer network used to run the convention. The vandals could obtain sensitive information related to the campaign of presidential candidate John Kerry. Or they could unleash an attack that would bring down the network and throw the convention into chaos.

  • Study: Lax laptop policies create security concerns
    http://www.computerworld.com/securitytopics/security/story/0,10801,97094,00.html

    By John E. Dunn
    NOVEMBER 01, 2004
    TECHWORLD.COM Company laptops are routinely used to download music and video, access porn, and do online shopping, a new Europe-wide survey has revealed. So big has the problem become that laptops returning to company networks after their travels are now one of the biggest security hazards faced by many companies. Despite this, 70% of companies questioned offered no written guidance to employees on the use of their machines, and only a quarter imposed technological restrictions. "I don't know if it's a lack of awareness or that they [companies] are focused on security from within the network," said Mark Murtagh of Websense. "They are looking at the traditional threat of viruses but not doing a good job of protecting against the evolving threats."

  • Blood bank fears laptop heist ID theft
    http://news.com.com/Blood+bank+fears+laptop+heist+ID+theft/2100-1029_3-5500114.html

    By Paul Festa
    Staff Writer, CNET News.com December 21, 2004

    More than 100,000 people who donated to a California blood bank may have parted with more than plasma. Delta Blood Bank sent a letter Friday to donors, warning them a computer that held their personal information had been stolen and advising them to take steps against identity theft and credit card fraud.

  • Stolen UC Berkeley Laptop Exposes Personal Data of Nearly 100,000
    http://www.washingtonpost.com/wp-dyn/articles/A7653-2005Mar28.html

    By MICHAEL LIEDTKE
    AP Business Writer
    March 28, 2005

    SAN FRANCISCO (AP) -- A thief has stolen a computer laptop containing personal information about nearly 100,000 University of California, Be rkeley alumni, graduate students and past applicants, continuing a recent outbreak of security breakdowns that has illustrated society's gro wing vulnerability to identity theft. Notifying all of the 98,369 people affected by the UC Berkeley laptop theft could prove difficult beca use some of the students received their doctorate degrees nearly 30 years ago, university officials said.

  • MoD suppliers' laptop turns up on rubbish tip
    http://www.theregister.co.uk/2005/04/26/tip_secret_laptop/

    By John Leyden
    26th April 2005 An Oxfordshire-based security company claims to have found sensitive MoD-related files on a laptop bought from council rubbish dump. The partner of a back-office worker at penetration testing outfit SecureTest bought the IBM Thinkpad laptop for £80 from a colleague at a council rubbish tip earlier this month. SecureTest staff looked at machine for a favour. The technician who investigated files left on the machine with forensic tools (called ENcase) was shocked at what he found: recovered tenders for military communications software contracts, technical information and minutes of meetings with Navy personnel marked restricted. "It looks like a MoD supplier.s laptop," Ken Munro, managing director of SecureTest told El Reg. No secret files were involved but even so the case raises further questions about the disposal of PCs containing potentially sensitive military information.

  • Ameriprise Says Stolen Laptop Had Data on 230,000 People
    http://www.nytimes.com/2006/01/26/business/26data.html

    By ERIC DASH
    January 26, 2006

    Ameriprise Financial, the investment advisory unit spun off from American Express last year, said yesterday that lists containing the personal information of about 230,000 customers and advisers had been compromised. A security breach occurred in late December, Ameriprise said, after a company laptop was stolen from an employee's parked car. The laptop contained a list of reassigned customer accounts that was being stored unencrypted, a violation of Ameriprise's rules.

  • Could your laptop be worth millions?
    http://news.com.com/Could+your+laptop+be+worth+millions/2100-1029_3-6032177.html

    By Will Sturgeon
    Special to CNET News.com January 27, 2006

    The average laptop could contain data worth almost $1 million, according to new research. A report released Friday by security-software company Symantec suggests that an ordinary notebook holds content valued at 550,000 pounds ($972,000), and that some could store as much as 5 million pounds--or $8.8 million--in commercially sensitive data and intellectual property. The same research, commissioned by Symantec, shows that only 42 percent of companies automatically back up employees' e-mails, where much of this critical data is stored, and 45 percent leave it to the individual to do so.

  • Hacker hands over laptop
    http://www.mlive.com/news/fljournal/index.ssf?/base/news-34/1138897570313390.xml&coll=5

    By Bernie Hillman
    THE FLINT JOURNAL
    February 02, 2006

    LINDEN - A Linden High School senior who hacked into school records - possibly for the purpose of changing school grades, police say - handed his laptop over to police Tuesday. "He admitted getting into some files," Coverdill said. "We don't know what files - possibly changing school grades; we don't know to what degree." But hacking into a school computer is no easy task, said Thomas Svitkovich, superintendent for the Genesee Intermediate School District. "There are fire walls and protective devices in place at all levels," he said. "The systems are closed systems. You can't just dial up and get into something, but I don't know what he got into or what he was doing." "(The school) had suspected something was wrong with their files. They approached him, and he admitted to it," Coverdill said.

  • Ernst & Young loses four more laptops
    http://www.theregister.co.uk/2006/02/26/ey_laptops/
    E&Y may be number two in revenue and employees, but it appears to be number one when it comes to losing laptops...

    By Ashlee Vance in Mountain View
    26th February 2006

    Ernst and Young appears set on establishing a laptop loss record in February. The accounting giant has lost four more systems, according to a report in the Miami Herald. A group of Ernst and Young auditors toddled off for lunch on Feb. 9, leaving their laptops in an office building conference room. According to security footage, two men entered the conference room a couple of minutes after the Ernst and Young staffers left and walked off with four Dell laptops valued at close to $8,000, the paper reported.

  • State college in Colorado warns 93,000 after laptop theft
    http://www.computerworld.com/securitytopics/security/story/0,10801,109208,00.html

    By Robert McMillan
    MARCH 03, 2006

    IDG NEWS SERVICE A state college in Denver believes it may have lost sensitive information on more than 93,000 students after one of the school's laptop computers was stolen from an employee's home late last month. The unnamed employee of Metropolitan State College had been using the information, including student names and Social Security numbers, to write a grant proposal, the college said Thursday. The data, which appears to have been unencrypted, was also being used by the employee to write a master's degree thesis, the school said. The laptop was stolen on Feb. 25, but Denver police asked the school to wait until March 1 to go public with news of the theft to help with the ongoing investigation. Students who registered for Metropolitan State courses between the 1996 fall semester and the 2005 summer semester are now being notified of the incident via letter, the college said.

  • Lost Ernst & Young laptop exposes IBM staff
    http://www.theregister.co.uk/2006/03/15/ernstyoung_ibm_laptop/

    By Ashlee Vance in Mountain View
    15th March 2006
    Exclusive - Ernst & Young has lost another laptop containing the social security numbers and other personal information of its clients' employees. This time, the incident puts thousands of IBM workers at risk. Ex-IBM employees are also affected. The Register h as learned that the laptop was stolen from an Ernst & Young employee's car in January. The employee handled some of the tax functions Er nst & Young does for IBM workers who have been stationed overseas at one time or another during their careers. As a result of the theft, the names, dates of birth, genders, family sizes, SSNs and tax identifiers f or IBM employees have been exposed. "Ernst & Young has a policy that this type of information is not supposed to be on a laptop," Moran said. "Yet, these guys download the data because it's convenient for them."

  • Laptop with Hewlett-Packard employees' ID stolen
    http://www.mercurynews.com/mld/mercurynews/business/14162732.htm

    By Nicole C. Wong
    Mercury News
    Mar. 22, 2006

    A Fidelity Investments laptop that contained the names, addresses, Social Security numbers, birth dates, compensation and other information for 196,000 current and former Hewlett-Packard employees participating in the company-sponsored retirement plan was stolen a week ago, the two companies confirmed Wednesday.

  • 40,000 BP workers exposed in Ernst & Young laptop loss
    http://www.theregister.co.uk/2006/03/23/ey_bp_laptop/

    By Ashlee Vance in Mountain View
    23rd March 2006

    Exclusive - Like sands through the hourglass, these are The Days of Ernst & Young laptop loss. Yes, friends, The Register can confirm that BP has been added to the list of Ernst & Young customers whose personal data has been exposed after a laptop theft. BP joins Sun Microsystems, Cisco and IBM in this not so exclusive club. Ernst & Young continues to maintain a code of silence around the laptop thefts, saying only that the BP/Sun/IBM/Cisco machine was password protected. This speak no evil policy has resulted in a string of stories as Ernst & Young customers are told one by one about the theft. It's difficult to obtain an exact figure on how many people have been affected by Ernst & Young's security lapse given that it won't say anything on the subject. We do, however, know that the IBM data breach exposed all current and former employees who have worked overseas at some point in their career. So, we're likely talking well over 100,000 people in that one incident. You have to wonder how long these thefts can continue before the financial services companies start explaining why key customer data was sitting on laptops and why workers felt it okay to leave these laptops in their cars or in conference rooms. The lack of action on their part will no doubt encourage legislators to step in at some point.

  • VSC laptop theft creates security concerns
    http://www.timesargus.com/apps/pbcs.dll/article?AID=/20060324/NEWS/603240363/1002

    By Darren M. Allen
    Vermont Press Bureau
    March 24, 2006

    MONTPELIER - Thousands of Vermont State Colleges students, faculty and staff learned this week that a VSC laptop computer stolen from a car parked in Montreal on Feb. 28 could have given thieves access to their personal financial information, including Social Security numbers and payroll data. And while system administrators assured the thousands of potential identity-theft victims that they had all but eliminated ac cess to the colleges' computer network from the laptop, some faculty and staff are furious that VSC took three weeks to warn them.

  • Lundquist's Guide To Not Getting Fired for Losing Your Laptop
    http://www.eweek.com/article2/0,1895,1943208,00.asp

    By Eric Lundquist
    March 27, 2006 Protect your job. Following these rules and guidelines to avoid becoming another in the long line of recent data theft victims. How often do we have to read about someone losing a laptop with a bunch of client data? I've included some links to recent stories: Stolen Fidelity Laptop Exposes HP Workers and Lost Fidelity Laptop Stirs Fear of ID Theft. Stop and think for a second. You are a high-powered road warrior jetting around the world making lots of complex but incrediblylucrative financial deals. You lose your laptop with all that important information. You have to call your boss back at the home office. Your next job involves asking customers if they want the large or the super-jumbo Slurpee. What follows is my guide to keeping from being a professional Slurpee machine operator for the rest of your career.

  • Laptop thieves descend upon wireless cafes
    http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2006/04/08/MNGE9I686K1.DTL

    Jaxon Van Derbeken
    Chronicle Staff Writer
    April 8, 2006

    A San Francisco finance manager stopped in at a Mission District cafe and was tapping on his laptop as he enjoyed his coffee just before noon on a Thursday. Suddenly, he was under siege. "I looked up, and I saw this guy leaning into me as if he was asking a question,'' he said. " I leaned forward, and out of the corner of my eye, I saw someone fiddling with the computer cord. I tried to stand up, and as I stepped back, he stabbed me in the chest.'' The 40-year-old San Francisco victim of the March 16 attack suffered a partially collapsed lung and was hospitalized for six days. The two suspects fled with his Apple PowerBook, worth $2,500.

  • Stolen laptops hand hackers keys to the kingdom
    http://www.theregister.co.uk/2006/04/25/stolen_laptop_peril/

    By John Leyden
    25th April 2006
    Infosec - As web apps are becoming more secure stolen laptops have become among the easiest ways to break into corporate net works. High profile firms such as Fidelity and Ernst and Young along with celebrities such as Kevin Costner have lost laptops over recent months. Concern over these thefts has focused on the exposure of data left on these devices. But the potential to use stolen kit to lift user credentials also poses a grave risk. During a presentation at Infosec on Tuesday, penetration testing firm SecureTest explained how DIY hardware devices or software available for purchase from eBay might be used to reset or circumvent passwords set in a laptop's BIOS. "If that fails you can always take the drive out and fit it with a USB connector," explained SecureTest's Rob Pope.

  • Aetna Loses Laptop Containing Customer Data
    http://www.consumeraffairs.com/news04/2006/05/aetna_laptop.html

    By Martin H. Bosworth
    ConsumerAffairs.Com
    May 1, 2006

    An employee of health insurance giant Aetna lost a laptop containing data on 38,000 customers, the company said. The information included names, addresses, and Social Security numbers, but no financial information. The individuals were employees of companies who bought group health coverage from Aetna. The companies asked not to be identified. Aetna spokesperson Cynthia Michener declined to verify where the theft took place, or if any of the information had been used. In a subsequent statement, Aetna CEO Ronald Michener claimed the laptop had been secured with "strong password protection," and that the employee responsible "did not follow corporate policies."

  • Ernst & Young laptop loss exposes 243,000
    http://www.theregister.co.uk/2006/06/01/ey_hotels_laptop/

    By Ashlee Vance in Mountain View
    1st June 2006

    Exclusive - Ernst & Young's laptop loss unit continues to be one of the company's more productive divisions. We learn this week that the accounting firm lost a system containing data on 243,000 Hotels.com customers. Hotels.com joins the likes of Sun Microsystems, IBM, Cisco, BP and Nokia, which have all had their employees' data exposed by Ernst & Young, as revealed here in a series of exclusive stories.

  • Ahold USA pension data lost when laptop disappears
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000953

    By Todd Weiss
    Computerworld June 05, 2006

    A laptop computer containing the names and personal information of an undisclosed number of retirees of grocery store chain Ahold USA disappeared last month after it was placed in checked baggage on a commercial U.S. flight and the bag was lost by the airline. Kimberly Walton, a spokeswoman for EDS, today acknowledged that the computer was lost amid baggage on a flight after an airline employee asked the EDS worker to check the bag rather than carry it onto the aircraft. "By doing so, that employee violated our company policy," Walton said.

  • IRS Laptop Lost With Data on 291 People
    http://www.washingtonpost.com/wp-dyn/content/article/2006/06/07/AR2006060701987.html

    By Christopher Lee
    Washington Post Staff Writer
    June 8, 2006

    An Internal Revenue Service employee lost an agency laptop early last month that contained sensitive personal information on 291 workers and job applicants, a spokesman said yesterday. The IRS's Terry L. Lemons said the employee checked the laptop as luggage aboard a commercial flight while traveling to a job fair and never saw it again. The computer contained unencrypted names, birth dates, Social Security numbers and fingerprints of the employees and applicants, Lemons said. Slightly more than 100 of the people affected were IRS employees, he said. No tax return information was in the laptop, he said.

  • Laptop with City Employees' Info Stolen
    http://www.wjla.com/news/stories/0606/337194.html

    June 18, 2006

    Washington (AP) - Information on 13,000 D.C. government workers and retirees has been stolen, along with the laptop computer where it was stored. Officials with ING Financial Services say the Social Security numbers and other information on the employees were stored on computer that was stolen from an ING employee's Southeast Washington home. ING administers the District's retirement plan. Company officials say the laptop was stolen on Monday but they didn't notify the city about the theft until late Friday because they had to figure out what information was stored on the computer. The laptop was not protected by a password or encryption.

  • Encryption can save data in laptop lapses
    http://seattlepi.nwsource.com/business/1700AP_Laptops_Security.html

    By STEPHEN MANNING
    ASSOCIATED PRESS WRITER
    June 17, 2006

    ROCKVILLE, Md. -- Reports of data theft often conjure up images of malicious hackers breaking into remote databases to filch Social Security numbers, credit card records and other personal information. But a lot of the time, the scenario is much simpler: A careless worker at company or agency with weak security policies falls prey to a low-tech street thug who runs off with a laptop loaded with private data. In the biggest case, the Department of Veterans Affairs recently lost data on 26.5 million veterans and military personnel stored on a laptop and external drive stolen from the suburban Washington home of a VA employee. Security experts and some privacy groups say simple measures could protect data if a laptop falls into nefarious hands. They include encrypting the information so it's nearly impossible to access without the correct credentials. "It is shocking how many of these are stolen laptops and that fact that the users of the laptops did not use encryption to secure the data," Beth Givens, director of the Privacy Rights Clearinghouse, said of recent data losses. "If thieves read the newspaper, they can readily figure out that they have got more than just a piece of hardware."

  • Wi-Fi drivers open laptops to hackers
    http://www.techworld.com/mobility/news/index.cfm?newsID=6272

    By Robert McMillan
    IDG News Service 22 June 2006

    Hackers can take control of laptops by Wi-Fi, even when the user is not connected to a wireless LAN, according to security researchers. The hack, which exploits bugs in wireless device drivers, will be demonstrated at the upcoming Black Hat USA 2006 conference during a presentation by David Maynor, a research engineer with Internet Security Systems, and Jon Ellch, a student at the US Naval postgraduate school in Monterey, California. "This would be the digital equivalent of a drive-by shooting," said Maynor. An attacker could exploit this flaw by simply sitting in a public space and waiting for the right type of machine to come into range. The victim would not even need to connect to a network for the attack to work.

  • FTC attorney's laptops stolen
    http://www.presstelegram.com/business/ci_3969575

    By Hope Yen
    Associated Press
    22 June 2006

    WASHINGTON -- The government agency charged with fighting identity theft said Thursday it had lost two government laptops containing sensitive personal data, the latest in a series of breaches encompassing millions of people. The car theft occurred about 10 days ago. Many of the people whose data were compromised were being investigated for possible fraud and identity theft, said Joel Winston, associate director of the FTC's Division of Privacy and Identity Theft Protection.

  • Stolen VA Laptop and Hard Drive Recovered
    http://www.washingtonpost.com/wp-dyn/content/article/2006/06/29/AR2006062900352.html

    By Christopher Lee and Zachary A. Goldfarb
    Washington Post Staff Writers
    June 30, 2006

    Federal officials yesterday announced the recovery of computer equipment stolen from an employee of the Department of Veterans Affairs. They said that sensitive personal information of 26.5 million veterans and military personnel apparently had not been accessed. The laptop and external hard drive, stolen May 3 from a VA data analyst's home in Aspen Hill, contained the names, birth dates and Social Security numbers of millions of current and former service members. The theft was the largest information security breach in government history and raised fears of potential mass identity theft.

  • Justice IG report: Protect laptop data
    http://www.fcw.com/article91061-10-10-05-Web

    By Michael Arnone
    Oct. 10, 2005

    Justice Department field agents and analysts are keeping classified information secure by using their wits and their training - and by carrying two laptop computers each. One is strictly for processing classified data. The other is for handling unclassified data and using unclassified applications, such as word processors and Web browsers. Justice employees use the decades-old setup to prevent the accidental shift of classified information to an unclassified environment or the Internet. It works, but it's bulky and inconvenient. Justice increasingly relies on laptops to process classified information. But the department's rules governing those resources do not encourage "innovative practices to improve the use of portable computers for processing classified information while adequately safeguarding classified information," the IG's office concluded in a July report.

  • VA Laptop Sold From Back of a Truck
    http://redtape.msnbc.com/2006/07/what_happened_t.html

    By Bob Sullivan
    July 3, 2006

    We have a few more details on what happened to the nation's most famous runaway laptop computer during those mysterious two months it was missing, courtesy of NBC's Pete Williams. We're talking about the computer and hard drive that were stolen from a Department of Veterans Affairs employee in May, an incident that made headlines because the hardware contained private information on 26.5 million veterans and current GIs. Last week, VA chief Jim Nicholson announced in dramatic fashion that the prodigal computer had been found, but details about the return were sparse. Both the laptop and hard drive ended up for sale at a black market just north of Washington D.C., near a subway station outside the Beltway near Wheaton. We're talking about the kind of market that is literally run out of the back of a truck, one official said. Fortunately, a buyer purchased both components at this black market, keeping the missing hardware together.

  • State's laptops vulnerable?
    http://www.columbusdispatch.com/news-story.php?story=dispatch/2006/07/03/20060703-C1-00.html

    By Randy Ludlow
    THE COLUMBUS DISPATCH
    July 03, 2006

    Data thieves don't always sneak in through a digital back door. Sometimes, their work is decidedly low-tech, such as strolling through a real door and snatching a laptop computer. In Ohio, some state agencies and universities appear to be lagging the technological curve as the federal government tightens the security of data on portable computers.

  • Missing laptop with data on 540,000 N.Y. state workers found
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002031

    By Todd Weiss
    Computerworld
    July 26, 2006

    A laptop computer containing personal information on more than half a million New York state workers has been found after it disappeared May 9 from the offices of a third-party data management company.

  • In separate incidents, three laptops stolen; data at risk
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002056

    By Todd Weiss
    Computerworld July 27, 2006

    Two laptops used by U.S. Navy recruiters in New Jersey have been missing since early June, potentially exposing personal data on about 31,000 recruiters and prospective recruits. In an unrelated incident, a laptop with personal information on 12,000 employees of Armstrong World Industries Inc. was recently stolen from a locked vehicle. The laptop in Trenton was reported stolen from the recruiting station in early June, while the one in Jersey City was reported missing earlier this month.

  • Transportation Department Laptop Stolen
    http://www.washingtonpost.com/wp-dyn/content/article/2006/08/09/AR2006080901177.html

    By Christopher Lee and Del Quentin Wilber
    Washington Post Staff Writers August 9, 2006

    A laptop computer belonging to the federal Department of Transportation inspector general's office was stolen last month, putting the sensitive personal information of nearly 133,000 Florida residents at risk, Acting Inspector General Todd J. Zinser said today. The laptop, assigned to a special agent in the Miami office, was stolen from a government vehicle on July 27 in Doral, Fla., Zinser told Florida Gov. Jeb Bush (R) today in a letter obtained by The Washington Post. The computer contains the names, Social Security numbers, birthdates and addresses of 42,792 Florida residents who hold a pilot's license; 80,667 people in the Miami-Dade County area who hold commercial driver's licenses; 9,496 people who took personal driver's license tests or obtained their license from an examining facility near Tampa, the letter said.

  • Laptops banned from hand baggage
    http://www.techworld.com/security/news/index.cfm?newsID=6621

    By Jeremy Kirk
    IDG news service
    10 August 2006

    UK passengers have been banned from taking electronic items on board airplanes. The new rules follow the arrests of 21 people in connection with an alleged plot to blow up aircraft mid-flight en route to the US. Laptop computers, iPods and mobile phones must be placed in checked baggage on flights out of the U.K. Airline passengers have become accustomed to additional checks following the September 2001 terrorist attacks in the US. Airport security checks require that laptops must be removed from their cases and X-rayed. But the new security measures in the UK could mean an increased chance of theft or damage to laptops and devices that must be checked and not carried on. From January through June of this year, US passengers filed nearly 1.8 million reports concerning mishandled baggage, according to US Department of Transportation statistics.

  • Encryption taken off Transportation IG laptop shortly before
    http://www.govexec.com/story_page.cfm?articleid=34763

    By Daniel Pulliam
    dpulliam [at] govexec.com
    August 10, 2006

    The Transportation Department inspector general's office removed the encryption on a laptop containing the personal information of 133,000 Florida residents about two weeks before it was stolen late last month from a government-owned Chevrolet Blazer parked outside a Miami area cafeteria. Acting Transportation Department Inspector General Todd Zinser said Wednesday that the data is routinely encrypted but it was removed as part of software upgrades, despite an Office of Management and Budget request for all government mobile computer devices containing sensitive information to be encrypted.

  • Survey: 81% of U.S. firms lost laptops with sensitive data in the past year
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002493

    By Linda Rosencrance
    Computerworld
    August 16, 2006

    Loss of confidential data -- including intellectual property, business documents, customer data and employee records -- is a pervasive problem among U.S. companies, according to a survey released yesterday by Ponemon Institute LLC and Vontu Inc., a San Francisco-based provider of data loss prevention products. Eighty-one percent of companies surveyed reported the loss of one or more laptops containing sensitive information during the past 12 months, according to the survey, which queried nearly 500 information security professionals. One of the main reasons corporate data security breaches occur is because companies don't know where their sensitive or confidential business information resides within the network or enterprise systems, Larry Ponemon, chairman of the Ponemon Institute, said in a statement.

  • Stolen laptop includes Chevron data
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002576

    By Linda Rosencrance
    Computerworld
    August 21, 2006

    In yet another incident involving a stolen laptop, Chevron Corp. confirmed last week that it is searching for a password-protected system that was taken on Aug. 5 from an unidentified accounting firm doing work for Chevron. The laptop contained the names and Social Security numbrs of an undisclosed number of current and former Chevron employees, according to a statement that the San Ramon, Calif.-based company e-mailed to Computerworld.

  • Laptop with data on 28,000 home care patients stolen in Detroit
    http://www.washingtonpost.com/wp-dyn/articles/A7653-2005Mar28.html

    By Linda Rosencrance
    Computerworld
    August 23, 2006

    A laptop containing home care information on 28,000 patients has been stolen from the car of a nurse who works for Royal Oak, Mich.-based Beaumont Hospitals, according to a statement from the hospital. The laptop was in the nurse's car, which was stolen in Detroit on Aug. 5 after the nurse had finished seeing patients. The vehicle was later recovered, but the laptop was missing. The computer contained personal and health information of Home Care patients who had received care over the previous three years, the hospital said.

  • Laptops with sensitive data stolen from Education contractor
    http://www.govexec.com/story_page.cfm?articleid=34906

    By Daniel Pulliam
    dpulliam at govexec.com
    August 29, 2006

    Two laptop computers believed to contain unencrypted personal information about 43 grant reviewers were stolen from an Education Department contractor in Washington, D.C., earlier this month. The laptops, stolen Aug. 11, contained information about grant reviewers for the Teacher Incentive Fund. An official for the contractor overseeing the reviews, DTI Associates of Arlington, Va., said the firm could not rule out the possibility that Social Security numbers, used in the processing of the reviewers' payments, were on the computers.

  • Prison guard arrested over Bali bomber's laptop
    http://www.alertnet.org/thenews/newsdesk/JAK330003.htm

    Reuters
    01 Sept 2006

    JAKARTA, Sept 1 (Reuters) - Indonesian police have arrested a prison guard over the smuggling of a laptop for a man on death row for the 2002 Bali bombings, police and his lawyer said on Friday. The arrest came after police revealed last month that Bali bomber Imam Samudra had used a laptop in his Bali prison cell to chat via the Internet with co-conspirators about fund-raising for attacks through online credit card fraud.

  • Commerce Department loses 1,137 laptops
    http://www.chron.com/disp/story.mpl/ap/politics/4205692.html

    By DOUGLASS K. DANIEL
    Associated Press Writer
    Sept. 21, 2006

    WASHINGTON - The Commerce Department has lost 1,137 laptop computers since 2001, most of them assigned to the Census Bureau, officials said Thursday night.

  • GE: Laptop with data on 50,000 staffers stolen
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9003645

    Reuters
    September 26, 2006

    General Electric Co. said today that a company laptop containing the names and Social Security numbers of 50,000 current and former employees was stolen in early September. The laptop, which had been issued to a GE official who was authorized to have the data, was stolen from a locked hotel room, GE said.

  • Review: Security flaws place DHS inspectors' laptops at risk
    http://www.govexec.com/story_page.cfm?articleid=35176

    By Daniel Pulliam
    dpulliam (at) govexec.com
    October 2, 2006

    The Homeland Security Department inspector general's office has not taken the necessary steps to properly secure laptop computers holding sensitive and classified information, a report released Monday stated. The heavily redacted Aug. 8 report from Frank Deffer, assistant inspector general for information technology at DHS, said considerable risks remain despite the many essential security controls in place, including adequate physical security. Most examples of inconsistent security practices were redacted. The report said that stolen or missing laptops are not consistently reported through the chain of command to DHS' Computer Security Incident Response Center. This included a stolen IG laptop in 2005. "Because the OIG had not reported the security incident to the DHS CSIRC, senior DHS officials may not be aware of the extent or scope of laptops security issues at the department," the reviewers stated.

  • Hackers invited to break the security on $100 laptops
    http://www.tgdaily.com/2006/10/03/toorcon2006_olpc_securityrisks/

    By Humphrey Cheung
    October 3, 2006

    San Diego (CA) - Cheap computers for the world's poor could mean big security headaches. The $100 One Laptop Per Child (OLPC) project is inviting hackers to break test out and even break the security on the upcoming computers. Speaking at the Toorcon computer security convention, OLPC representative Ivan Kristic said the OLPC will create the largest monoculture in history and the it will present some "very scary" security problems.

  • Laptop with Marines' personal data missing
    http://www.signonsandiego.com/news/military/20061006-1742-missinglaptop.html

    SIGNONSANDIEGO NEWS SERVICES
    October 6, 2006

    CAMP PENDLETON A laptop computer containing personal information regarding 2,400 on-base residents of Camp Pendleton is missing, base officials revealed Friday.

  • Duncan's laptop of horrors may be bargaining chip
    http://seattletimes.nwsource.com/html/localnews/2003310587_webduncan18.html

    By Nicholas K. Geranios
    The Associated Press
    October 18, 2006

    COEUR D'ALENE, Idaho As the man accused of kidnapping two children and killing their family waits in a jail cell for a federal indictment he still holds what could be a bargaining chip: An encrypted laptop that may contain more horrors. The FBI's top hackers apparently have been unable to break Joseph Edward Duncan III's security encryptions, and a plea bargain Duncan's lawyers struck Monday with state prosecutors says the key must only be shared with his defense lawyer.

  • At U.S. Borders, Laptops Have No Right to Privacy
    http://travel2.nytimes.com/2006/10/24/business/24road.html

    By JOE SHARKEY
    jsharkey (at) nytimes.com
    October 24, 2006

    A LOT of business travelers are walking around with laptops that contain private corporate information that their employers really do not want outsiders to see. Until recently, their biggest concern was that someone might steal the laptop. But now theres a new worry that the laptop will be seized or its contents scrutinized at United States customs and immigration checkpoints upon entering the United States from abroad. Last week, an informal survey by the association, which has about 2,500 members worldwide, indicated that almost 90 percent of its members were not aware that customs officials have the authority to scrutinize the contents of travelers laptops and even confiscate laptops for a period of time, without giving a reason. One member who responded to our survey said she has been waiting for a year to get her laptop and its contents back, said Susan Gurley, the groups executive director. She said it was randomly seized. And since she hasnt been arrested, I assume she was just a regular business traveler, not a criminal.

  • Savannah company's laptop theft highlights data security concerns
    http://savannahnow.com/node/166947

    By Christian Livermore
    October 28, 2006

    A laptop owned by a Savannah accounting firm containing 401(k) information for employees of at least one company was stolen during a recent trip to New York City. The laptop, belonging to Hancock Askew & Co. LLP partner Michael McCarthy, was stolen Oct. 5. The accounting firm notified at least one of the companies - Atlanta-based Atlantis Plastics Inc. - on Oct. 9.

  • Army command laptop missing
    http://www.gcn.com/online/vol1_no1/42491-1.html

    By Jason Miller
    GCN Staff
    11/02/06

    The Army's Accessions Command in Ft. Monroe, Va., reported a laptop computer with personal information on 4,600 scholarship applicants for the Reserve Officer Training Corps went missing Oct. 23. The command just yesterday let the House Government Reform Committee know that the notebook went missing. The committee asked all agencies to report all data breaches since Jan. 1, 2003. Agencies had until July 24 to report their information, but the committee still is receiving reports of data breaches.

  • 'Scrubbed' laptop had data on 6,000 Utahns
    http://deseretnews.com/dn/view/0,1249,650203974,00.html

By Lois M. Collins
Deseret Morning News
November 3, 2006

More than 6,000 people who worked for Intermountain Healthcare's central urban region in 1999 have learned that a file listing their Social Security numbers was briefly for sale for $20.

  • Financial Services loses 17 laptops
    http://www.theinquirer.net/default.aspx?article=35538

    By Tony Dennis
    05 November 2006

    OVER THE course of three years the UK's Financial Services Authority (FSA) has admitted to losing 17 laptop PCs valued at a total of 13,000. The INQ's lost a couple of Psion Revos and several mobile phones. But how do you accidentally lose so many laptops? The INQ has one answer you get on a train absolutely bladdered, fall asleep, leap off at your stop and hey presto! you lose a phone or a PDA.

  • Starbucks loses laptops with data on 60,000 employees
    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9004809

    By Eric Lai
    Computerworld
    November 06, 2006

    SEATTLE -- Starbucks Corp. has lost four laptops, including two with the names and Social Security numbers of nearly 60,000 current and former employees.

  • Laptop loss: How to avoid becoming the next Starbucks
    http://www.networkworld.com/news/2006/111006-laptop-loss.html

    By Deni Connor
    Network World
    11/10/06

    When Starbucks earlier this month revealed it couldnt find four laptops containing data on thousands of employees, IT administrators everywhere once again were forced to ask themselves: Whats our policy on protecting data on mobile devices? The seemingly never-ending string of high-profile data loss cases from Los Alamos National Laboratory to Allina Health to U.S. Veterans Affairs is pushing more organizations to encrypt data on such devices as laptops and USB flash drives, and establish associated security policies.

  • Stolen Nationwide laptop prompts FSA probe
    http://news.zdnet.co.uk/security/0,1000000189,39284689,00.htm

    By Tom Espiner
    ZDNet UK
    13 Nov 2006

    The theft of a laptop containing Nationwide Building Society customer information is being probed by the Financial Services Authority (FSA). The laptop was stolen from an employee's house in a burglary in August. Both Nationwide and FSA have refused to say exactly what data was stolen. According to Alan Oliver, Nationwide's head of external affairs, the laptop contained "limited customer information for market research purposes". Nationwide would not say how many customers' details were contained on the stolen laptop. It is in the process of writing to all of its 11 million UK customers to outline the security measures they need to take as a result of the theft.

  • Arrest made in DOT laptop theft
    http://www.gcn.com/online/vol1_no1/42653-1.html

    By Mary Mosquera
    GCN Staff
    11/21/06

    Law enforcement officials arrested a suspect in the theft of a laptop belonging to a Transportation Departments Office of Inspector General in the same restaurant parking lot near Miami from which the laptop was taken, according to an OIG status report released today. The laptop taken in July contained sensitive, personally identifiable information for 133,000 pilots, commercial truck drivers and individual drivers l icense holders in Florida. Authorities have not recovered the laptop.

  • Laptop thief lands the bank details of 15,000 policemen
    http://www.thisislondon.co.uk/news/article-23375377-details/Laptop+thief+lands+the+bank+details+of+15,000+policemen/article.do

    21.11.06

    A Buglar has stolen bank account details of more than 15,000 Scotland Yard officers following a huge security blunder, it emerged last night. Sensitive financial information about high-ranking officers, thought to include Metropolitan Police Commissioner Sir Ian Blair, and anti-terrorist detectives were stored on three laptops stolen from the company responsible for the force's pay and pensions services. Last night, a major security review was under way at Britain's biggest force amid fears the thief could steal vast sums of money from officers' accounts. The break-in, at the offices of software group LogicaCMG in Peckham, South-East London, is a huge embarrassment to Scotland Yard. A senior Yard source said: "Heads should roll over this. At a time of unprecedented concerns over security, it is scandalous that a thief can steal such sensitive information."

  • Stolen DOT computers lead to laptop theft ring
    http://www.fcw.com/article96913-11-22-06-Web

    By Aliya Sternstein
    Nov. 22, 2006

    An investigation into two recent laptop computer thefts from the Transportation Departments Office of Inspector General has helped uncover a ring of laptop thieves, according to the latest status report on the incidents. On July 27, someone stole an OIG special agents laptop from a locked car near Miami. The laptop contained personally identifiable information about 133,000 Florida residents. Following that episode, officials reviewed an April theft of an OIG laptop that occurred in Orlando, Fla. That laptop belonged to the special agent-in-charge of the Miami OIG office.

  • Stolen laptop puts Boeing worker data at risk
    http://www.suntimes.com/business/170185,CST-FIN-boeing13.article

    BY FRANCINE KNOWLES
    Business Reporter
    December 13, 2006

    In a disturbing case of deja vu, 382,000 Boeing Co. retirees and active workers are at risk of identity theft and credit-card fraud because of the theft of a company laptop computer. The theft, which Boeing confirmed Tuesday, is the third such incident in the past 13 months in which a laptop computer containing personnel information was stolen, and it took place despite safeguards the company put in place. As was the case in the other situations, information on the laptop wasn't encrypted. The latest incident represented a violation of company policy, Neale said.

  • Boeing fires employee whose laptop was stolen
    http://seattlepi.nwsource.com/business/295982_boeinglaptop14ww.html

    By JAMES WALLACE
    P-I REPORTER
    December 14, 2006

    The Boeing Co. said Thursday it has fired the employee whose laptop was stolen with personal information about nearly 400,000 retired and current company workers. A person with knowledge of the matter said the employee data was not encrypted as company policy requires once it has been downloaded from a server. Jim McNerney, Boeing's chairman, president and chief executive, said the breach of company policy was so serious that some Boeing managers also will be disciplined. "This latest incident resulted from a clear violation of our data-protection policy," McNerney said in an e-mail to all Boeing employees. "We have very strict and clear policies and procedures about how employee information is handled," he wrote. "An employee, despite proper training, failed to comply with those requirements and as a result is being dismissed from the company." McNerney said action will be taken against some Boeing managers. "I also believe strongly that management must be held accountable when repeated failures like this occur, so the employee's management chain will be reprimanded."


Enhanced by Zemanta

Posted by Anton Aylward