Idiot Watch II: Ernst & Young Data Breach
John Stith Staff Writer
2006-02-27
Sometimes crass profanities are truly the best descriptors, though generally not acceptable in a professional world. Last week, software security firm McAfee said their accounting firm, big four member Deloitte & Touche, left a CD with lots of employee information on the plane. Another big four member, Ernst & Young, announced they lost information too.
Ernst & Young Laptop Stolen
And remarkably, an employee's laptop was stolen from their automobile. Oddly enough, the laptop contained Social Security numbers and other personal information. These facts were relayed in the form of a February 13th letter to clients. Perhaps the most astonishing part is there was actually a password required to access the information. The only salvation for Ernst & Young is the fact the thief probably didn't know what was actually on the computer and what to do with it. Pity the Ernst & Young customers if they do.
This, along with the Deloitte & Touche incident, really makes one scratch one's head. While there is a legitimate shot the information on these computers probably won't be utilized, all it takes is one time to figure out the information is there and someone who knows what to do with it. But when one considers people were dumpster diving earlier this year for credit card numbers behind department stores, maybe it's not as far-fetched as one may think to figure this stuff out.
Now, let's take a bigger look at Ernst & Young. Beth Givens, director of the Privacy Rights Clearinghouse, pointed out to the San Francisco Chronicle that Ernst & Young offers a specific service called "technology and security risk services" and it exists to help companies fix these problems. "It just points out how pervasive these security breaches are."
She went on to tell the Chronicle, "There are so many things that companies need to factor into their security and privacy protection measures. It's not just firewalls for the computer systems, it's the handling of backup tapes, CDs and DVDs, and paper records."
One interesting little side note for the tech geeks out there is exactly whose information was compromised. It would be none other than the Sun King himself, Scott McNealy. He told the Register, "This is an organization that we spend an enormous amount of money on to determine we are Sarbanes-Oxley compliant."
For a company that preaches mantras like transparency and security, this seems pretty laughable. Ernst & Young didn't make an announcement regarding the problem until after McAfee announced the Deloitte & Touche fiasco.
Let's sum up here. A data breach of unknown size occurred when a careless individual left a laptop computer in their automobile. It was stolen. While the information was password protected, that was it. There was no encryption, no bio-based security like fingerprints, etc. While financial industry identity fraud accounts for about 6% of the problem, it's going to get a lot worse if these companies keep making it so easy. Yep...this story definitely needed some crass profanity to describe Ernst & Young. The sad thing is there'll be another story just like this one in a few days. The idiot watch will continue.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.