backtop

Print E-mail del.icio.us 17 comment(s) - last by lemonadesoda.. on Jun 20 at 3:04 AM
ING is the victim of data theft for the second time

A burglary of an ING Financial Services agent's home has left 13,000 District of Columbia workers and retirees at risk.  The Social Security numbers and other personal data of the workers were stored on a laptop that the ING worker took home.  The theft reportedly took place on Monday, June 12, but the company waited several days to confirm what pieces of data were on the laptop.  After a delayed response from the company, it was revealed the laptop was not password-protected and the sensitive data was not encrypted.

ING has sent letters warning of potential identity theft to all affected employees.  The ING Financial Services agent apparently did not violate any company policies by taking the laptop home, but this is not the first time that ING has lost a laptop with sensitive material on it.  In December 2005, a laptop containing sensitive information belonging to 8,500 hospital workers was taken. 

News stories about laptops containing sensitive material being stolen from homes and office buildings have been occurring a lot over the past several months.  Because of the increase of lost data, Congress may finally step in.  There are several pieces of legislation that would aim to protect consumers from identity theft and fraud because of a laptop theft.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
wow
By SLEEPER5555 on 6/19/2006 6:55:20 AM , Rating: 2
how many times does this have to happen before companies get a clue?




RE: wow
By The Cheeba on 6/19/2006 6:56:47 AM , Rating: 5
Apparently, if youre ING, at least twice.


RE: wow
By Griswold on 6/19/2006 7:01:36 AM , Rating: 2
Maybe a class action lawsuit is due?


RE: wow
By shabby on 6/19/2006 7:15:50 AM , Rating: 2
I agree, how many billions should we sue for?


RE: wow
By Pythias on 6/19/2006 8:12:27 AM , Rating: 2
Does it matter? The lawyers will get $999999999 and we'll get a coupon for 35 cents off a pack of post-its.


RE: wow
By Griswold on 6/19/2006 1:51:09 PM , Rating: 2
Defintiely more than 42.


Encryption is free and trivial
By Hare on 6/19/2006 7:29:02 AM , Rating: 2
...So what's wrong with these people ?!?

With open source encryption like truecrypt this theft would be meaningless.




RE: Encryption is free and trivial
By Warder45 on 6/19/2006 8:42:45 AM , Rating: 2
While better then nothing encrypting the files is not the solution.

Companies need to set policies against storing sensitive data on mobile devices. It's only going to get worse as cell phones, blackberries, PDA's, etc, get more space and power.


RE: Encryption is free and trivial
By Hare on 6/19/2006 9:37:15 AM , Rating: 2
quote:
While better then nothing encrypting the files is not the solution.
You can't avoid keeping sensitive data on devices that can be stolen. The only solution is strong encryption. Even Truecrypt offers encryption strong enough that makes storage practically unbreakable. I'd say it's a pretty good solution. If you can't stop theft you better make the information useless unless decrypted.


RE: Encryption is free and trivial
By Trisped on 6/19/2006 4:10:13 PM , Rating: 2
The problem is that it is only a matter of time to break an encryption.

Yes, you can not 100% prevent a thief from breaking in, but you can prevent 99% of all attempts with the proper protocols. That with encryption will provide a reasonable amount of insurance. After all, this is people's good name in the form of their identity.


Hrm...
By HackSacken on 6/19/2006 7:25:05 PM , Rating: 2
Maybe I read this wrong, but shouldn't that type of data all be on remote servers with regular backup and not on a company computer, let alone a laptop.
Plus, besides encryption software, there is software that can be invisibly loaded. That software communicates with a server with a database of that companies laptops/nodes. Once that computer is booted and talks to the server, it registers it. You can put a flag on a stolen machine, so when it hits that server, it wipes the machine clean and inusable.
Am I making this up or has someone else heard/seen this stuff? You would think with personal information such as this everything possible would be done to be prevented. Correct me if I'm wrong on any of this.




RE: Hrm...
By lemonadesoda on 6/20/2006 3:04:44 AM , Rating: 2
Let me suggest how this sort of thing happens...

1./ Manager tells employee he has deadline to complete analysis
2./ Employee doesn't get the analysis done on time, or wants to go home early and watch football
3./ Employee copies data onto laptop so he can work at home
4./ Employee doesn't get the analysis done on time (too much beer watching the game) and knows he cant say "the dog ate my homework", so...

(Point 4 is optional, but you get the idea).

Basically:

1./ The company is at fault for the wrong policies/procedures
2./ Employee was wrong to store "data extract" in EXCEL (or whatever format) on his local hard drive.

When this happens in the Financial Services industry... this is unforgiveable... since regulation already exists that protects personal information. ING needs to be hauled in by the Regulator, fined and given a warning that it will lose its banking license if this happens again.


Hopefully....
By Souka on 6/19/2006 9:22:30 AM , Rating: 2
Hopefully....they were using IBM Thinkpads, using the on-chip excryption and fingerprint passwords.....

Hopfully....in the future they'll learn to keep confidential data on secured servers.

tsk tsk....








Document Management Software
By InternetGeek on 6/19/2006 11:10:36 AM , Rating: 2
There are lots of software products that make managing documents easier and safer. Companies handling personal data should be mandated to use these products.

Believe it or not Spammers do not share their info so easily because they profit from selling it. They are an example to follow as securing their data goes.




Internal policies anyone?
By lemonadesoda on 6/19/2006 3:54:27 PM , Rating: 2
ING should be called to task:

1./ What are its internal policies regarding private information of its clients/customers?

2./ What are their procedures for dealing with policy breaches?

3./ Exactly WHEN did they fire either:
(i) the person who lost a laptop with data he shouldn't have had on it, according to company policy, OR
(ii) the head of compliance, who, if such policies don't exist, hadnt implemented such policies after their last "data loss".

At least one head should roll. If not, then I'll be moving every single $ out of ING due ot loss of confidence. And I suggest everyone else does too.




By Trisped on 6/19/2006 4:05:57 PM , Rating: 2
If a finical institution can not protect people’s personal info then they should not be allowed to operate.

I expect that many of these “lost laptops” or how ever the info is being stole are actually people buying the information from an employee and the employee trying to cover their tracks.




This makes no sense
By vingamm on 6/19/2006 8:17:36 AM , Rating: 1
It is like having sex with someone you know has AIDS. I can not believe a company as big as ING with information as sensitive as this has equipment that is not encrypted. And this has happend more than once. You know a log does not have to hit me to before I realize something needs to change. You know they do not even have to worry about corporate espionage, They give the info away!!




"When an individual makes a copy of a song for himself, I suppose we can say he stole a song." -- Sony BMG attorney Jennifer Pariser











botimage
Copyright 2010 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki