HA HA HA HA
I wonder if there will be any headlines, calling for "ACTION NOW!!!"
Brillaint :)
Northcliffe Media, owner of the Daily Mail, is the latest company to lose a laptop load of sensitive staff information. A laptop containing names, addresses, bank accounts and sort codes of Mail and General Trust staff has been stolen, it emerged last week. The company told staff that the laptop was password protected - and so …
"The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen."
Fingers crossed it was stolen by a crack addict, eh?
"I can assure you that we take security of personal data very seriously and have, since this incident, which was inadvertently caused by a technical issue, already further strengthened procedures."
It's obvious that we don't take security of personal data very seriously (this wouldn't have happened if we did) but I'm going to say we do anyway and hope that pacifies you.
I bet the poor folks at Nationwide who were fined a million quid are hopping mad. They lost a laptop and got royally bitch slapped for it but every organisation since (mainly government) has managed to follow the trend without so much as a slap on the wrist. It's now got to the point where it is not even really newsworthy because the public has been so badly de-sensitised to such things.
This is only worth reporting because everyone outside of middle england hates the Daily Heil hacks for their neo facist views and police state inducing fearmongering and hysteria.They were in fact one of the strongest critics of the incompetence of HMRC so it's quite nice to see them hoisted by their own petard.
A point that does not get highlighted enough is that once your data is out there in the hands of the bad guys you're screwed. You can't get it back. Nobody can change their date of birth, mother's maiden name or National Insurance number. With those three pieces of information identity theft is remarkably straightforward. Even two of them gives a lot of help to the malevolent. It's a lot of hassle to change your bank account details (and heaven help you if you write a cheque as it has you bank details, account number and signature).
Al Quaeda (or any other criminal) needs only to infiltrate some employees into government departments where they get access to all that lovely data and the havoc that can be wreaked is immense. HMRC's lost disks may not have fallen into the wrong hands but who is to say that CD Rom's of all our data have not been copied already unlawfully?
Instead of collecting ever more data on each of us and linking it together the Government needs to re-think the whole issue of data security.
Let’s face it bean counters seem a little lost in the outside world with its big sky and this results in then getting very confused with how many bags they had, was it one or two or one + vat?
Inevitably they are going to lose the things in inappropriate way.
The solution would be to put all of their systems onto a SaaS model so that it would not matter that the laptop was stolen as nothing would be stored on the laptop (or so the sales man would tell them, the reality may be a little different).
Then when I get a new laptop from the market I won’t have to be faced with a HD full of poorly wiped personal information.
Fines are pointless in cases like this, all that happens is the cost is passed on to the customer (taxpayer, whatever) and meanwhile the management bonuses carry on as before.
If these rules are to be effective, indeed if any "corporate" rules are to be effective, then being done for breaking the rules needs to reliably lead to real personal sacrifice for the people in charge. Until that happens, the breaches will continue as before, because there's absolutely no meaningful motivation to ensure the rules are followed.
They did it in the US e.g. for some of the Enron fraudsters (including, iirc, some UK-resident Natwest employees), maybe in the we should try the same over here in the 51st state.
For what it's worth, a few days ago, iirc two directors of a UK bus company received substantial prison sentences for fraud because they'd been party to faking of records of drivers hours, and (iirc) an overtired driver had an "accident" which killed someone. So maybe it does happen occasionally. Or maybe I dreamt it, because I can't find anything referring to it via any of the obvious keywords on any of the obvious search sites?
I'd be surprised if this wasn't really the case; but rather that the Daily Mail has actually flogged all of this data, but realises (unfortunately probably quite rightly) that these days losing data is so commonplace that nobody really makes any noise anymore when it happens... so instead why not just put out a story that they lost it and wait for any "fuss" to quickly blow over.
"I am sure it was reported in the Daily Mail that, "The likelihood is that this theft was carried out in an opportunistic manner by a illegal immigrant, hoodie, who was involved in the Diana killing!""
You forgot that they were economic terrorist black polish muslims who came over here to steal our jobs and morals. As well as laptops from innocent publishers of the news- only there to inform the general propulace of the hum-drum goings on in the world.
... but not nearly as seriously as if we were to face a large fine and security policy audit from the ICO.
How much data has to be lost before the blame can be shifted to the idiots carrying the data rather than the drug addled crack head how is only after a fix.
When i am carrying a laptop, it tends to be my own.. i.e. that i paid for, which gives me about 499.99 reasons to be careful of loosing it!!!
For sheer, mind-boggling incompetence and stupidity this stands in a class of its own.
The tragedy is that this story of sloppiness and utter irresponsibility is just another example - albeit an extreme one - of the way in which standards of competence in our newspapers, once the highest in the world, have been allowed to plummet under Labour's stewardship.
http://www.dailymail.co.uk/news/article-495323/A-betrayal-trust-epic-scale.html
One assumes that Dacre, or whoever runs the Daily Wail, has already tendered his resignation.
"The company apologised for any inconvenience or annoyance caused by the theft."
No offer of financial compensation though, eh?
Ergo no *tangiable* mitigation of the effects of their negligent actions.
Once again, those "at the top" are failing to take any taking responsibility: I'm alright Jack.
Surely there's something in ISO-9000-and-whatever that covers QA for data security. Such a badge of honour would be a worthwhile thing to flaunt in these times, no? I'd certainly err towards companies that were able to demonstrate a *universal* and *credible* clam to actually give a damn about safeguarding the privacy of my data.
"The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen. "
... So the Laptop thief get's told by the laptop owners that it is 10x more valuable than they first thought...
Given the amount of valuable Data going AWOL these days, I'd be surprised if the average opportunist Laptop thief hasn't learned to have a look for data that is more valuable than the laptop.
The laptop contained STAFF details, not customer details.
So it's the staff that is screwed, which makes for a refreshing change, for once.
And I'll bet that there's going to be a rather cold snap of suspicion concerning anyone who lugs around a laptop in the coming months in the halls of the Daily Mail. Nothing like a hive full of eyes to make a laptop carrier more aware of what he has in his hands.
Pity the poor guy who puts down his laptop and goes for a coffee - he'll be hanged before he takes the third step.
To help those of you wondering how a technical problem results in the theft of a laptop ... how about ...
technically, we shouldn't have left it lying about with only a password to protect its unencryted data, technically it shouldn't have had the data on it in the first place and technically it's all the fault of the IT department because they didn't chain it to the desk.
True.nobody can change their mother's maiden name, but it's hardly a secure bit of info, is it? All my relatives know it for a start (not that I don't trust them).
The name I gave my Internet bank when they asked for it, actually belonged to an ex-girlfriend. Far more secure.
It's hilarious... the first thing I thought was 'HAHAHAHA' and guess what the first comment is...
Damn! We're all so de-sensitized that some among us find it hilarious now when countless peoples personal, private information is pissed up the wall by the twats who give us no choice but to hand it over to them in the first place.
I don't know if people should be locked up for these kinds of breaches, but someone should definitely pay. Maybe their personal details (I mean ALL personal details) should be publicly posted?
I reckon most CEO's would hate the thought of everyone knowing all that stuff about them and perhaps institute good practices to try and ensure that the lesser mortals could expect the same?
Damn, this makes me SO angry.. but I'm still laughing!
AAArrrrGGG
/RANT
Even if it was stolen by a crack addict, invariably stolen laptops are likely to find themselves in the hands of someone savy enough to wipe, and rebuild them at some point. - This is likely to be someone also smart enough to have a gander first for just this sort of information.
I recon this is a typical tabloid stunt, and one of the other papers will have an expose in the coming weeks, claiming the laptop 'fell in to their possession'. They will retrieve said data, go on to interview staff members affected and bang on about ID Fraud etc etc, before printing pictures of them returning the laptop to it's rightful owner, all the time taking the moral high ground, despite the fact it's was likely to have been stolen to order by the newspaper it's self.
I work for a subsidiary of the Daily Fail and since I get paid peanuts, I'm not really too bovvered about some illiterate oik having all my financial details - my debt is your debt. Mate.
But still, this spate of sausage-fisted tossing about of sensitive information is astounding. Keep the goddamn information encrypted on a secure server, not on some bloody textpad document on the financial wanker's laptop!
Aaaaaaaargh! The mind boggles...
"The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen. "
What a load of bull. All the thief needs to do is read this article (or others on the web) to get an idea of what is on the laptop.
Since data theft has spread it wings, why would the thief not have a look to see what is on there?
"The company apologised for any inconvenience or annoyance caused by the theft."
In the vain hope that nobody sues them, presumably. I just hope that some of the victims were lawyers. Should play well in the rest of the meeja, or at least test the 'honour among thieves' adage.
As for "inconvenience or annoyance", I'm sure those aren't terms they use when reporting similar incompetence by others!
This story, and a previous one on a similar subject, both carry a "reassurance" from some dim spokesperson say the data or laptop was password protected.
Surely a savvy 10 year old could get round that one....Knoppix boot disk, hex editor, or in the days of plain DOS, Disk Doctor!
Mine's the one with a Linux boot system on a memory stick in the pocket.