Laptop stolen from Ohio audit firm exposes clients
Date Reported:
11/17/07
Organization:
The Ohio Masonic Home
Contractor/Consultant/Branch:
Battelle & Battelle LLC
Victims:
The Ohio Masonic Home employees and those of up to 9 other businesses
Number Affected:
600*
*this number only includes The Ohio Masonic Home employees
Types of Data:
"personal information"
Breach Description:
A laptop was stolen from the CPA firm Battelle & Battelle LLC that contained sensitive personal information about the employees of clients. It is reported that up to 10 organizations may be affected by this breach.
Reference URL:
The Dayton Daily News Story
Report Credit:
Kelly Baker, Dayton Daily News
Response:
From the source cited above:
A laptop stolen from a Kettering auditing firm contained personal information on employees of up to 10 businesses, including Springfield-based Ohio Masonic Home, officials said Friday.
[Comfyllama] I had a neighbor recently who was a partner of an auditing firm here in Minnesota. We talked about encrypting laptops at his firm and risk in not doing so. No matter what he tried, he could not convince the other partners to do it. I wonder if they are still exposed. I don't get it. Is encryption something to be feared, or embraced? You know my thoughts.
Battelle & Battelle LLC would not disclose the number of individuals affected by the theft but Masonic Home officials said 600 of its employees' information was stored in the laptop.
[Comfyllama] The Ohio Masonic Home is the only organization of the "up to 10" that has publicly commented.
Battelle was conducting the home's pension plan audit when the laptop was stolen last month from an employee's vehicle.
[Comfyllama] Would you leave your wallet in your car, or maybe your purse? Why is it OK to leave a laptop there?
Ohio Masonic Home, which learned of the theft on Wednesday, notified its employees in person and by letter, and will provide for them a credit-monitoring service, said CEO David Bannerman.
There did not appear to be incidents of identity theft as of Friday, he said.
The stolen laptop requires "multiple levels of authentication to access the data on the machine," Battelle stated in a letter to Masonic Home.
[Comfyllama] Well "multiple levels" is better than one level, but it is absolutely NOT adequate.
"We feel that the chance of your data being accessed by an outside party is quite slim."
[Comfyllama] Feelings, nothing more than feelings.
This is the first such incident for Battelle, which protects its security "very carefully," said spokeswoman Michelle Kaye.
[Comfyllama] Words mean nothing. Actions would demonstrate the willingness to foot the 100 or so bucks per laptop (for a well-known commercial product) and encrypt!
The company has met "confidentially" with each of its clients to discuss how any losses would be handled, she said.
A complaint should be filed with the Federal Trade Commission at www.ftc.gov/idtheft or at .
Commentary:
I have to go back and count the number of laptops that are lost or stolen without encryption this year. It is too many! Not to mention that we only see the ones that are reported publicly. A small company that I consult for has lost four laptops this year alone! This company accepted the advice to encrypt them, and manage keys well, so no worries.
Audit firms such as Battelle & Battelle LLC could save everyone a lot of anxiety.
Past Breaches:
Unknown

In addition to the Ohio Masonic Home, it appears that the Community Blood Center was also affected according to this news story.
Community Blood Center is the latest business to be notified that
employees' information was stored on a laptop stolen in October from a
Kettering auditing firm.
Battelle & Battelle LLC was conducting an audit of the blood center's 401K
plan when a laptop was stolen from a Battelle employee's vehicle, said
Blood Center spokeswoman Sher Patrick. Up to 600 employees appeared to be
affected.
http://www.springfieldnewssun.com/hp/content/oh/story/news/local/2007/11/30/sns120107laptop.html