Stolen Oregon National Guard laptop puts guardsmen at risk
|
Date Reported:
6/22/10
Organization:
The National Guard Bureau
Contractor/Consultant/Branch:
Oregon National Guard
Location:
Victims:
Oregon National Guard members
Number Affected:
Undisclosed*
*"It could potentially affect a lot (of people)," said Capt. Stephen Bomar, spokesman for the Oregon National Guard. "I don't have enough information to say just how many."
Types of Data:
"sensitive personal information of service members, including Social Security numbers"
Breach Description:
"PORTLAND, Ore. - A laptop belonging to an Oregon National Guard member was stolen this week and the military is contacting service members who might be affected by the theft."
Reference URL:
KATU.com
Statesman Journal
KPTV.com
Report Credit:
KATU.com Staff
Response:
From the online sources cited above:
The Oregon National Guard took on a new mission Tuesday, identifying and notifying soldiers whose personal information may be at risk after a laptop was stolen from a Guard member's vehicle in the Portland area.
[Evan] This is another case where we read nothing about encryption, so we will assume that the information contained on this laptop was not adequately protected.
"It could potentially affect a lot (of people)," said Capt. Stephen Bomar, spokesman for the Oregon National Guard. "I don't have enough information to say just how many."
The theft was reported Monday to the Portland Police Bureau. The National Guard released information about the security breach late Tuesday.
"Although this laptop is password-protected, with potential exposure of individual personal information, we are doing everything possible to notify individuals about the theft," Bomar said.
The laptop, which the Guard member was using to conduct work from home, may have contained the sensitive personal information of service members, including Social Security numbers, Bomar said.
The computer was stolen from the car of a citizen soldier who was using the laptop to work from home.
The Oregon National Guard and the National Guard Bureau are contacting people whose personal information may be compromised.
Legal services are available for people who may require assistance through the Oregon National Guard Office of the Staff Judge Advocate, according to a press release.
"I believe we've had other equipment stolen," Bomar said, "but nothing to this scale that contains personal information."
[Evan] Does this mean that Oregon National Guard leadership knew about the risks of lost/stolen equipment and did not account for data that may be contained on some of this equipment. If you know that equipment is lost/stolen, wouldn't you look for necessary mitigating controls (such as encryption) to limit exposure of the data on equipment? Equipment is nothing to replace compared to sensitive data.
They're also re-examining procedures to determine whether changes need to be made.
[Evan] I would be very interested to know what the organization's procedures are in regards to mobile device security. Did the "citizen soldier" who left the laptop in his/her car violate any National Guard procedures?
Commentary:
Organizations that authorize the use of mobile devices must account for the risks involved in using such devices. Adequate administrative, physical, and technical controls must be in place to reduce the risk of unauthorized information disclosure, modification, and/or destruction. In this case, it appears as though controls to prevent physical theft of devices and the controls to prevent unauthorized information disclosure are both severely lacking. Unfortunately, it may not be too much of a stretch to assume that many necessary controls are missing from the National Guard's information security program as a whole.
Past Breaches:
The National Guard Bureau:
Very few details are available for Missouri National Guard breach
Posted by Evan Francen at 6/24/2010 9:16 AM 
Categories: National Guard Bureau, Oregon National Guard, Stolen Laptop
Categories: National Guard Bureau, Oregon National Guard, Stolen Laptop
Posts Atom 1.0
Comments