Here is another account of personal data for employees being stolen on a laptop. In this particular instance it was a laptop containing the personal information of roughly 13,000 employees of the District of Columbia. The data on the hard drive was not encrypted…even worse there wasn’t even a freakin login password for the operating system. This would normally be a trivial exercise to bypass a windows login password. There are tools such as NTPasswd which are freely available on the internet. Now the reason this is worse, in mind, than the data not being encrypted is that it demonstrates a complete breakdown in security. This laptop was stolen from the home of an employee of ING U.S Financial Services. This company was contracted to administer the retirement program for D.C.
“For us, this is very unfortunate,” she said. “But we’re moving forward, we’re very focused and committed to find any other laptops that don’t have encryption software and to fix that. This incident revealed a gap.”
Two other ING laptops containing information on 8,500 Florida hospital workers were stolen in December, but the employees were not notified until this week, said ING spokesman Chuck Eudy. Neither laptop was encrypted, he said.
ING is subject to the same legislation that governs the financial sector in the U.S. and it is stunning to see that even the most basic security measure was not taken in the case. This type of security failure should be investigated be the law enforcement community.
[tags]ING, D.C employee data, Password Crackers, Password Recovery, Passwords, Data Security, Privacy, Encryption, Data Theft[/tags]
