 |
Add Remote Backup Services to your existing business, or start
a profitable Internet-based online backup service for a high profit recurring
revenue stream.
Click
here for more info. |
| Top
Security News |
VeriSign Admits To Profiling
VeriSign unveiled this week its Security Risk Profiling Service, a security package aimed at helping enterprises identify, visualize and quantify information security risks...
Watch Out For IRS Phishing Net
The National Crime Prevention Council (NCPC) is warning taxpayers to watch out for cyber crooks posing as the IRS to steal personal information...
DNS Attack Threat May Be Overstated
The simplicity of how attackers can turn thousands of domain name servers against a target not only boggles the mind but constitutes a tremendous threat to Internet resources; however, the vulnerability may be more a matter of poorly configured machines...
Help Take A Bite Out Of E-Crime
The pros at WebProWorld have compiled a nice list of reporting agencies and law enforcement websites where concerned Netizens can drop a dime on the punks bringing this town to its knees...
Study Shows IE More Vulnerable To Spyware
A new study found that one of every 67 webpages exploits a vulnerability in Internet Explorer...
|
|
|
|
Idiot Watch VI, Hewlett Packard edition: Fidelity Investments has lost a laptop containing lots of personal data for some 80,000 HP employees.
Pretty soon technology companies are going to start requiring staffers from the financial firms they employ to handcuff their laptops to their wrists, like some courier from an old spy movie.
Considering The Register's report on the latest in an unpleasant series of "personal data versus careless financial companies," HP employees may want those laptop-toting types to be outfitted with cyanide capsules. Forcefully if necessary.
The article by Ashlee Vance noted the contents of an email HP folks likely did not enjoy finding in their inboxes:
"This is to let you know that Fidelity Investments, record-keeper for the HP retirement plans, recently had a laptop computer stolen that contained personal information about you, including your name, address, social security number and compensation," employees learned via email.
Fidelity has also set up a web site that "includes some immediate steps that you can take to protect yourself, as well as information about how to enroll for a 12-month period of credit monitoring at no cost to you and a Fidelity call center number in case you have additional questions."
Add Remote Backup Services to your existing business, or start
a profitable Internet-based online backup service for a high profit recurring
revenue stream.
Click
here for more info. |
|
The company also provided more details of the problem in a statement reproduced in the report:
"At this time, we are unaware of any misuse of the information contained in the software on the laptop," said Fidelity spokeswoman Anne Crowley. "The application was running on a temporary license from a third-party software vendor. The license has expired. Since the expiration of the license, the scrambled data would be difficult to interpret and generally unusable.
"We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts as well as other measures to prevent unauthorized use. We have also employed additional security controls above and beyond our already significant monitoring activity to identify if there is any unusual activity in these accounts. Further, we have reviewed activity in the HP accounts and have found no indication of unusual or suspicious activity."
At least Fidelity has indicated a couple of things that could mitigate the potential damage stemming from their laptop going on walkabout: higher-level account monitoring and "scrambled" data. Scrambled isn't the same as encrypted, though, and just because the data would be "difficult to interpret and generally unusable" rules out neither interpretation nor usability.
We at SecurityProNews heartily recommend Fidelity, and other firms that regularly leave valuable data laying around on laptops, spend some quality educational time reading and considering the topics and essays by security expert Bruce Schneier. Whatever in-house lessons or training on proper data security practices these companies conduct just doesn't seem to be taking hold with anyone.
About
the Author:
David Utter is a business and technology writer with WebProNews and SecurityProNews. |
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
