Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Amker on 13. December 2008., 14:31:45

Title: Symantec and HP Lose Employees' Personal Information
Post by: Amker on 13. December 2008., 14:31:45
(http://news.softpedia.com/images/news2/Symantec-and-HP-Lose-Employees-039-Personal-Information-2.jpg)

According to security breach notices received by the Office of the Attorney General in Maryland, recent incidents at both Symantec and HP compromised the personal information of a number of employees. This was the result of two laptops containing sensitive, though unencrypted data, being stolen.

HP announced (PDF file) that the company-issued laptop of an employee was stolen several months back and that the company launched an investigation to determine the nature of the data stored on the computer. The conclusion was that the notebook contained personal information of several thousands of current and former employees, who were participating in the HP benefits program. The information included names associated with Social Security numbers.

Even though HP noted only that the laptop was secured using an username and a password, the company took the step of informing the employees and assisting them in preventing any possible identity theft incident. This was an indication that the data was not encrypted, like was the case of the vast majority of the data loss incidents, because the law required such action to be taken only if there “is a reasonable chance that the data will be misused.“

 
The hardware vendor is working with the authorities to recover the stolen property, but claims that there are currently no indications of the data being accessed or misused. “Steps are being taken to help ensure that this type of incident does not happen in the future,” the company says in its notification.

The security breach announced (PDF file) by Symantec occurred at the beginning of November and also involved a stolen laptop. The information stored on the computer, which was stolen from an employee's home along with other objects, included the names, addresses, and Social Security numbers of around 100 other employees.

The security vendor took similar steps of informing the employees and setting them up with free identity protection services, as, unfortunately, the data on this computer was not encrypted either. The company also noted that it was collaborating with the authorities on the matter, and that there was no evidence of the data being misused.

The number of security breaches that resulted in personal information being compromised exceeded any expectation in 2008, and they originated both in the private and public sectors. Clearly, these two incidents are not amongst the most serious in regards to the amount of data being compromised. However, what is most worrying is that both of these companies are offering encryption-capable data protection solutions and are strong advocates of information security.

Just to exemplify, HP claims that its Drive Encryption for HP ProtectTools is able to encode “every bit of information on a hard drive volume, so that it becomes unreadable to an unauthorized person, and helps you comply with privacy and data protection regulations.” Furthermore, in an article entitled “Security in the Workplace: How to Protect Your Mobile Assets,” HP recommends that you should “encrypt your sensitive data and password-protect your systems.”

Meanwhile, the Symantec Endpoint Encryption product is marketed as providing “advanced encryption for desktops, laptops, and removable storage devices,” and one of the benefits of using it is that it “protects and prevents your information from accidental data loss.” Like laptops being stolen?

sours:softpedia