
"Lost" laptop with info on 540,000 New Yorkers Found

MSNBC reported that the laptop I blogged about earlier this week that contained sensitive personally identifiable information (PII) on 540,000 New Yorkers was found by the FBI and CS Stars.

"The FBI and the private company that had been in possession of the state-owned personal computer would not say how or where it was found, only that it was in 'a secure location.'"

The computer had been missing since May 9.  The story did not say specifically when it was found, but implies it was found just this week.  So, it was missing for around 2 1/2 months. 

"Mike Kachel, a spokesman for CS Stars' New York City office, said the FBI located the computer, missing since May 9, and that it appeared no one had used any of the information it contained."

These statements are always interesting to me...I'm told by my digital forensic expert buddies that you cannot tell for certain if data has or has not been copied.

Since the FBI was part of the team that found the laptop it seems it was probably found outside of CS Stars' facilities...but then again, that is supposition.   

"The company had earlier offered the affected workers identity theft insurance, 12 months to get free credit reports and access to fraud resolution specialists. That offer still stands, Kachel said."

This is good.  When an organization, or the government, offers credit monitoring they should stand behind that offer, even when the computer is found.  Because there is no way to tell if the data has been copied, it is foolhardy to believe that just because the computer is found there are not copies of all the data floating around and perhaps being auctioned off to any fraudster who wants to pay for social security numbers, names and addresses.  This computer was "lost" for 2 1/2 months...it could have passed through many hands during that time.

"Identity theft is considered one of the country's fastest growing white-collar crimes. One recent survey reported that there have been more than 28 million new identity theft victims since 2003, but experts say many incidents go undetected or unreported."

Indeed, instances of identity theft occur every day.  In fact, yesterday CNN reported that U.S. Senator Harry Reid was recently a victim of identity fraud.

"Senate Minority Leader Harry Reid discovered this week he was the victim of identity theft after someone used his MasterCard number to charge about $2,000 at a Wal-Mart and other stores in Monroe, North Carolina. The Nevada Democrat said he found out someone had obtained the number after opening his bill Tuesday night."

The report said he did not know how anyone else got his credit card number.  Gee, wonder if his credit card number was on one of the many laptops and hard drives that have been lost and stolen?  Perhaps even on one that was recovered and determined to have not been compromised?  We'll likely never know for sure...hmm...


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.