Hard drive stolen from New Mexico State University was encrypted
Technorati Tag: Security Breach
Date Reported:
1/5/08
Organization:
New Mexico State University
Contractor/Consultant/Branch:
Special Events Department
Victims:
"every employee hired by the department since 1999"
Number Affected:
Unknown
Types of Data:
Names and Social Security numbers
Breach Description:
An encrypted external hard drive was stolen from the New Mexico State University Special Events Department sometime between December 30th, 2007 and January 2nd, 2008 while located in an office in the Pan American Center. The hard drive contained personal information belonging to every employee hired by the department since 1999,
Reference URL:
KOB.com Channel 4 News Story
KOAT Channel 7 News Story
Las Cruces Sun-News Story
Report Credit:
Jose L. Medina, Las Cruces Sun-News
Response:
From the online sources cited above:
A computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing from the Pan American Center
The external hard drive was stolen sometime between Dec. 30 and Jan. 2 from an office at the NMSU Special Events Department
It contained the names and Social Security numbers of every employee hired by the department since 1999
The hard drive was used as a backup to an employee's computer.
[Evan] The use of an external hard drive is not necessarily a recommended security practice. There are more secure methods to backup important employee information.
But they say the information was encrypted, and that it's unlikely it could be accessed.
[Evan] Great! I am glad to hear that the external hard drive was encrypted. Hopefully secure key (encryption/decryption) management practices were/are followed. I wonder if the employee's computer is also encrypted, and I wonder if the employee's computer was the "official" repository for this sensitive information as opposed to a central server.
Scott Breckner, who was named director of special events just last month, said Friday that the department was trying to ascertain how many names and Social Security numbers were on the hard drive
the university plans to notify the affected student employees about the theft by letter as a precautionary measure.
"Safety is our concern, no question," Breckner said.
Commentary:
It is refreshing to read about a breach that may not even be a breach because of the use of encryption. If key management was sufficient, then I agree with the school's assessment that in all likelihood the data is safe.
Past Breaches:
Unknown
Date Reported:1/5/08
Organization:
New Mexico State University
Contractor/Consultant/Branch:
Special Events Department
Victims:
"every employee hired by the department since 1999"
Number Affected:
Unknown
Types of Data:
Names and Social Security numbers
Breach Description:
An encrypted external hard drive was stolen from the New Mexico State University Special Events Department sometime between December 30th, 2007 and January 2nd, 2008 while located in an office in the Pan American Center. The hard drive contained personal information belonging to every employee hired by the department since 1999,
Reference URL:
KOB.com Channel 4 News Story
KOAT Channel 7 News Story
Las Cruces Sun-News Story
Report Credit:
Jose L. Medina, Las Cruces Sun-News
Response:
From the online sources cited above:
A computer hard drive containing the names and Social Security numbers of current and former NMSU employees is missing from the Pan American Center
The external hard drive was stolen sometime between Dec. 30 and Jan. 2 from an office at the NMSU Special Events Department
It contained the names and Social Security numbers of every employee hired by the department since 1999
The hard drive was used as a backup to an employee's computer.
[Evan] The use of an external hard drive is not necessarily a recommended security practice. There are more secure methods to backup important employee information.
But they say the information was encrypted, and that it's unlikely it could be accessed.
[Evan] Great! I am glad to hear that the external hard drive was encrypted. Hopefully secure key (encryption/decryption) management practices were/are followed. I wonder if the employee's computer is also encrypted, and I wonder if the employee's computer was the "official" repository for this sensitive information as opposed to a central server.
Scott Breckner, who was named director of special events just last month, said Friday that the department was trying to ascertain how many names and Social Security numbers were on the hard drive
the university plans to notify the affected student employees about the theft by letter as a precautionary measure.
"Safety is our concern, no question," Breckner said.
Commentary:
It is refreshing to read about a breach that may not even be a breach because of the use of encryption. If key management was sufficient, then I agree with the school's assessment that in all likelihood the data is safe.
Past Breaches:
Unknown
Posts Atom 1.0
[...]The employees need access to the different drives on the network to get the job done. This need exposes the company to a list of potential problems by those who don’t understand the risks involved.[...]
Reply to this