BANK of NY DATA BREACH:
The Connecticut attorney general announced
>> that
>> a Bank of New York Mellon contractor lost a laptop containing the
>> personal
>> information of some 4.5 million bank customers. An unencrypted backup
>> tape
>> holding the personal information disappeared on 27 FEB while in
>> possession
>> of a third-party vendor. Potential victims did not learn of this until
27
>> MAY giving them little chance of protecting themselves. Andy
>> Kicklighter,
>> director of product marketing for GuardianEdge, provider of mobile data
>> protection solutions, said businesses must prioritize the need for
laptop
>> encryption and search for solutions that allow for simple
implementation
>> and manageability. "IT organizations are afraid that it will be a
big
>> project," he said, adding that companies who have never
experienced a
>> data-loss incident also have difficulty understanding the ramifications
>> of
>> a breach. "It just hasn't reached their priority level,"
Kicklighter told
>> SCMagazineUS.com. (Editor's Note: From the preceding it is once again
>> evident that the government it not the only entity having limited
control
>> over data breaches resulting from human error. Veterans need to
protect
>> themselves against personal losses through some form of identity theft
>> insurance).
>>
>> An undisclosed number of management-level
workers at AT&T have been
>> notified that their personal information was stored unencrypted on a
>> stolen laptop. The laptop was stolen 15 MAY from the car of an
employee.
>> The data on the computer was not encrypted -- a violation of company
>> policy -- and included names, Social Security numbers and in some
cases,
>> salary and bonus information. Walt Sharp, a spokesman for AT&T said
the
>> company would not disclose the number of affected individuals, but
>> indicated there is no reason to believe any of the data was being
>> targeted
>> when the machine was stolen. "Usually these are property crimes in
which
>> the drive is wiped clean and resold for profit," he said. The
employee
>> who
>> was in possession of the laptop when it was stolen has been
disciplined.
>> "There are a number of rules governing the handling of encrypted
material
>> and the mobile devices handling that material that employees must
>> follow,"
>> Sharp said. "It is up to the employee to ensure that any sensitive
>> material is encrypted." AT&T began notifying victims on 23 May
through
>> email and standard mail and is offering them free credit monitoring.
AT&T
>> used the breach as a reminder that employees must follow policies.
>> [Source: SC Magazine Dan Kaplan article 4 Jun 08 ++]