Stolen Anheuser-Busch laptop was encrypted
Technorati Tag: Security Breach
Date Reported:
7/29/08 (UPDATED on 7/30/08 and 8/5/08, see below)
Organization:
Anheuser-Busch Companies, Inc.
Contractor/Consultant/Branch:
None
Victims:
"current and former employees"
Number Affected:
Unknown
Types of Data:
Names, "Social Security numbers, home addresses and marital status"
Breach Description:
"Information about some current and former employees of Anheuser-Busch was stolen during a recent burglary at a company office in St. Louis, according to a statement."
Reference URL:
The Virginian-Pilot
Newport News Daily Press
7/30/08 UPDATE: The New Hampshire State Attorney General breach notification
8/5/08 UPDATE: About 150,000 across the country affected by Anheuser-Busch data loss
Report Credit:
Cindy Clayton, The Virginian-Pilot
Response:
From the online sources cited above:
JAMES CITY - A laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office in June, according to a statement from the company.
Several laptops were stolen during the burglary and one contained password-protected, encrypted information about employees and family members
[Evan] Excellent! I wonder if the laptop hard drive was encrypted or just the files. If the encryption was managed well (primarily key management), then it is probably safe to assume that the risk of unauthorized disclosure is low. Certainly lower than if the laptop were only password-protected. Anheuser-Busch deserves some credit for proactively identifying the risk and applying an appropriate control.
The company reported the burglary to police and is working with investigators
It did not say when the burglary occurred, how many people were affected or whether any Hampton Roads employees or ex-employees of Busch Gardens were included
So far, company officials don’t know of any illegal use of the personal information
[Evan] Most commercial encryption products are built in such a way that the information is reasonably "safe" as long as the key (typically a password) is not disclosed. Obviously, the encryption is useless if the password is written on a Post-It note stuck to the keyboard. At the end of the day, if my information were on the laptop, I would not be terribly concerned.
Employees whose information was on the machine were notified and were being offered free credit monitoring for a year
Anheuser-Busch's letter to employees indicates that information contained on the computer included employees' Social Security numbers, home addresses and marital status.
The laptop also contained information on employees' use of the company's employee assistance program, which offers counseling and referrals for work-related health issues
The letter advises employees who need more information to call 1-.
Commentary:
I am glad to read that Anheuser-Busch encrypted this (and maybe all) corporate laptop(s). We have no reason to believe that the password (or key) to unlock (decipher) the information has been compromised and as such, we should be fairly confident that the personal information on the laptop is safe from unauthorized disclosure and use.
Does this post make anyone thirsty?
Past Breaches:
Unknown
Date Reported:7/29/08 (UPDATED on 7/30/08 and 8/5/08, see below)
Organization:
Anheuser-Busch Companies, Inc.
Contractor/Consultant/Branch:
None
Victims:
"current and former employees"
Number Affected:
Unknown
Types of Data:
Names, "Social Security numbers, home addresses and marital status"
Breach Description:
"Information about some current and former employees of Anheuser-Busch was stolen during a recent burglary at a company office in St. Louis, according to a statement."
Reference URL:
The Virginian-Pilot
Newport News Daily Press
7/30/08 UPDATE: The New Hampshire State Attorney General breach notification
8/5/08 UPDATE: About 150,000 across the country affected by Anheuser-Busch data loss
Report Credit:
Cindy Clayton, The Virginian-Pilot
Response:
From the online sources cited above:
JAMES CITY - A laptop containing personal information of current and former employees, including some from Hampton Roads, was stolen from a St. Louis-area Anheuser-Busch office in June, according to a statement from the company.
Several laptops were stolen during the burglary and one contained password-protected, encrypted information about employees and family members
[Evan] Excellent! I wonder if the laptop hard drive was encrypted or just the files. If the encryption was managed well (primarily key management), then it is probably safe to assume that the risk of unauthorized disclosure is low. Certainly lower than if the laptop were only password-protected. Anheuser-Busch deserves some credit for proactively identifying the risk and applying an appropriate control.
The company reported the burglary to police and is working with investigators
It did not say when the burglary occurred, how many people were affected or whether any Hampton Roads employees or ex-employees of Busch Gardens were included
So far, company officials don’t know of any illegal use of the personal information
[Evan] Most commercial encryption products are built in such a way that the information is reasonably "safe" as long as the key (typically a password) is not disclosed. Obviously, the encryption is useless if the password is written on a Post-It note stuck to the keyboard. At the end of the day, if my information were on the laptop, I would not be terribly concerned.
Employees whose information was on the machine were notified and were being offered free credit monitoring for a year
Anheuser-Busch's letter to employees indicates that information contained on the computer included employees' Social Security numbers, home addresses and marital status.
The laptop also contained information on employees' use of the company's employee assistance program, which offers counseling and referrals for work-related health issues
The letter advises employees who need more information to call 1-.
Commentary:
I am glad to read that Anheuser-Busch encrypted this (and maybe all) corporate laptop(s). We have no reason to believe that the password (or key) to unlock (decipher) the information has been compromised and as such, we should be fairly confident that the personal information on the laptop is safe from unauthorized disclosure and use.
Does this post make anyone thirsty?
Past Breaches:
Unknown
Posts Atom 1.0
I worked for AB for 12 years, I highly doubt the data was encrypted. AB didn't even start encrypting credit card data in their databases until 2 years ago when the credit card companies threatened to pull their merchant status.
Reply to this
so what you think people should do about this?
Reply to this