Nearly a dozen laptops are stolen from Charter Communications
Technorati Tag: Security Breach
Date Reported:
8/13/08
Organization:
Charter Communications*
*Charter Communications, Inc., the third-largest publicly traded cable operator in the U.S., serves approximately 5.7 million customers in 29 states. A Fortune 500 company, Charter is headquartered in St. Louis, Missouri, and its stock is traded on the NASDAQ stock exchange under the symbol CHTR. The company’s chairman and largest shareholder is Paul G. Allen, co-founder of Microsoft. (Source: About Charter)
Contractor/Consultant/Branch:
None
Victims:
Current and former employees
Number Affected:
"more than 9,000"
Types of Data:
Names, dates of birth, Social Security numbers and driver's license numbers
Breach Description:
"GREENVILLE, S.C. — Officials with one of the nation's largest cable and Internet providers say nearly a dozen laptops containing the personal information of 9,000 of its current and former employees have been stolen from a South Carolina office."
Reference URL:
Fort Mills Times
WYFF Channel 4 News
Worcester Telegram & Gazette
Report Credit:
Lisa Eckelbecker, Worcester Telegram & Gazette
Response:
From the online sources cited above:
Cable television operator Charter Communications Inc. is alerting employees, including some in Massachusetts, that their personal information was involved in a security breach that occurred when a number of laptop computers were stolen last month from a Charter media facility in Greenville, S.C.
"There was a break-in in our Greenville, S.C., office, and a number of employee laptops were taken," said Marty Richmond, a spokesman for St. Louis-based Charter.
[Evan] I wonder how long it took for Charter to identify the break-in. Do you suppose it was immediately or maybe the next morning? Below, it is noted that the break-in "occurred" on July 14th. July 14th was a Monday. Did the break-in occur on July 14th or did it occur over the prior weekend? If the scene was at all like it is in many companies, the laptops were likely out in the open on people's desks.
"In the process of identifying the information contained on the laptops, we discovered the personal information of about 9,000 current and former employees."
Charter employs 16,500 people, and the breach affects people across the country.
[Evan] Chances are pretty good that if you work for Charter Communications, you are affected.
The personal information consisted of names, dates of birth and Social Security numbers.
Mr. Richmond declined to say how the laptops were used, why they contained the information and whether the records were encrypted.
[Evan] Should we assume then that the information was not encrypted?
Charter reported the theft to local police officials in South Carolina and began informing affected workers and former workers last week
The Greenville County Sheriff's Office is investigating the theft
The company does not know of any misuse of the information
[Evan] Nor would it be likely that the company would know, especially given that the breach occurred less than a month ago and bad people don't often announce their intentions.
No customer information was involved
In one letter sent to a Massachusetts individual, Charter said the breach occurred July 14
[Evan] Less than 30 days to notify. Charter should get some credit for responding promptly.
Mr. Richmond would not discuss any security measures that Charter has taken in the aftermath of the South Carolina laptop thefts
In its letter to those affected, the company said it has "taken immediate steps to fortify the security measures that were already in place."
[Evan] No detail.
Charter is offering one year of free credit monitoring services through Kroll Inc. to impacted current and former workers. Those interested in the service must respond by Sept. 30.
Commentary:
We don't know much about this breach, but we can speculate on some of the details. Additional public information will likely be available at some point. One thing that I noticed about Charter Communications is the lack of information security executive leadership.
Now to generalize, meaning not picking out Charter Communications in particular. Why do you suppose so many organizations lack information security executive leadership? Are not the organization and the leaders that manage it ultimately responsible for the assets of the organization? By some estimates, 80% of a typical organization's assets are intangible, of which information (and knowledge) are substantial. Does this warrant better representation in board rooms? It still seems like too many organizations view information security as an IT issue and a cost center. Information security is NOT an IT issue, it IS a business issue. Poorly managed information security is a cost center, whereas well managed information security is an essential business driver.
I always have an opinion, eh?
Past Breaches:
Unknown
Date Reported:8/13/08
Organization:
Charter Communications*
*Charter Communications, Inc., the third-largest publicly traded cable operator in the U.S., serves approximately 5.7 million customers in 29 states. A Fortune 500 company, Charter is headquartered in St. Louis, Missouri, and its stock is traded on the NASDAQ stock exchange under the symbol CHTR. The company’s chairman and largest shareholder is Paul G. Allen, co-founder of Microsoft. (Source: About Charter)
Contractor/Consultant/Branch:
None
Victims:
Current and former employees
Number Affected:
"more than 9,000"
Types of Data:
Names, dates of birth, Social Security numbers and driver's license numbers
Breach Description:
"GREENVILLE, S.C. — Officials with one of the nation's largest cable and Internet providers say nearly a dozen laptops containing the personal information of 9,000 of its current and former employees have been stolen from a South Carolina office."
Reference URL:
Fort Mills Times
WYFF Channel 4 News
Worcester Telegram & Gazette
Report Credit:
Lisa Eckelbecker, Worcester Telegram & Gazette
Response:
From the online sources cited above:
Cable television operator Charter Communications Inc. is alerting employees, including some in Massachusetts, that their personal information was involved in a security breach that occurred when a number of laptop computers were stolen last month from a Charter media facility in Greenville, S.C.
"There was a break-in in our Greenville, S.C., office, and a number of employee laptops were taken," said Marty Richmond, a spokesman for St. Louis-based Charter.
[Evan] I wonder how long it took for Charter to identify the break-in. Do you suppose it was immediately or maybe the next morning? Below, it is noted that the break-in "occurred" on July 14th. July 14th was a Monday. Did the break-in occur on July 14th or did it occur over the prior weekend? If the scene was at all like it is in many companies, the laptops were likely out in the open on people's desks.
"In the process of identifying the information contained on the laptops, we discovered the personal information of about 9,000 current and former employees."
Charter employs 16,500 people, and the breach affects people across the country.
[Evan] Chances are pretty good that if you work for Charter Communications, you are affected.
The personal information consisted of names, dates of birth and Social Security numbers.
Mr. Richmond declined to say how the laptops were used, why they contained the information and whether the records were encrypted.
[Evan] Should we assume then that the information was not encrypted?
Charter reported the theft to local police officials in South Carolina and began informing affected workers and former workers last week
The Greenville County Sheriff's Office is investigating the theft
The company does not know of any misuse of the information
[Evan] Nor would it be likely that the company would know, especially given that the breach occurred less than a month ago and bad people don't often announce their intentions.
No customer information was involved
In one letter sent to a Massachusetts individual, Charter said the breach occurred July 14
[Evan] Less than 30 days to notify. Charter should get some credit for responding promptly.
Mr. Richmond would not discuss any security measures that Charter has taken in the aftermath of the South Carolina laptop thefts
In its letter to those affected, the company said it has "taken immediate steps to fortify the security measures that were already in place."
[Evan] No detail.
Charter is offering one year of free credit monitoring services through Kroll Inc. to impacted current and former workers. Those interested in the service must respond by Sept. 30.
Commentary:
We don't know much about this breach, but we can speculate on some of the details. Additional public information will likely be available at some point. One thing that I noticed about Charter Communications is the lack of information security executive leadership.
Now to generalize, meaning not picking out Charter Communications in particular. Why do you suppose so many organizations lack information security executive leadership? Are not the organization and the leaders that manage it ultimately responsible for the assets of the organization? By some estimates, 80% of a typical organization's assets are intangible, of which information (and knowledge) are substantial. Does this warrant better representation in board rooms? It still seems like too many organizations view information security as an IT issue and a cost center. Information security is NOT an IT issue, it IS a business issue. Poorly managed information security is a cost center, whereas well managed information security is an essential business driver.
I always have an opinion, eh?
Past Breaches:
Unknown
Posts Atom 1.0
Comments