Jun 5, 2006

Yet Another Security Breach!

One fine morning, one of my friends gets a call from a collection agency that he has failed to pay an amount of US$400/- odd, to a hospital some 4 months back. My friend went poking into details and realized that the hospital is located somewhere in Florida where he didn't even visit four months back. So, some more queries & clarifications made him realize that someone else has used his information to do some emergency medical check up in that Florida hospital. His first suspicion was on his 401K company and their reported lost of his information few months back because of a laptop, hmm, rather Notebook Theft!!

Yep! This has been going on for a while from different sources. Like last month, we witnessed the worst case scenarios - Discovery that someone possessed access to Ohio University servers for long time. Likewise, some 25 Million US veterans information was lost - That sure is huge. Anyways, what prompted me to write on this?

Ernst & Young are the auditors of Hotels.com, a sub-division of Expedia. One of their notebooks (Ahh! No!) is stolen in a car theft incident. The bad part is, the notebook has information like Name, Address and Credit Card details of like 243,000 customers of Hotels.com!! Can they be read? Well, the system is supposed to have password protection (as if we don't have for our notebooks) and some software encryption! Unfortunately & coincidentally, this particular notebook doesn't have the encryption installed yet:)!

Here are few things I just don't understand sometimes! It seems, the auditor employees rightfully & legally can carry such information in their notebooks. Why to carry around such kind of confidential & sensitive informations in notebooks - I mean, I already here have quoted 2 incidents where laptop theft has lead to probable information theft? Why can't they log in & access the required information through secure networks from servers/main frames?

We know there are always prey watching eyes to steal notebook from cars. And if they end up breaking into the system's information carrying such sesitive data, then they sure have made their day!

Leave stealing! What about misplacing? A quite probable story in the future considering all those tiny storage devices in the field now. Here is another friend of mine, working in a top notch Fortune 500 consultancy firm, who was recently offered a 2GB jump drive (Can you imagine? Yeah! Yeah! That thumb sized drive) to carry confidential clients' information. And this friend of mine is always on business trips & visits, flying every week to different places. I just couldn't stop giggling seeing that Jump Drive! Well... Ofcourse I do know the issue is much more serious than a giggle!

2 comments:

Anonymous said...

nice..really nice..
we were concerned abt someone from outside taking control of our computers...now we hav to protect it just as we protect other things in our house..!!
really nice insight to a hole which i never thought abt...
bio-metric security is the way out...but it can be avoided if u plug in the hard disk to another computer..!!
then the chowkidars are the way now...who will not let anyone to come inside to streal the data...but he can be bribed too..!!
so there is no way i see out of this hole...other than storing the entire data in ur own body...someone has to kill u to get the data...or the data gets destroyed ones u kill someone..!!
that would be permanently losing data....
so the verdict---
"If its accessible by one person, its accessible by someone with intelligence and intentions also."
Stay Connected (in this unsecure world)
Billoo..!!

Jagan M Narayanan said...

haha..nice one...
There r soo many people in India, BPO working for US & Europe companies. They have access to lots of details especially SSN of many individuals and sure, they are & can be bought for some cheap money.