Blog

Posts Tagged ‘social security number’

Arkansas National Guard Loses Unencrypted Drive

Wednesday, March 10th, 2010

The Arkansas National Guard lost an external hard drive containing unencrypted data. The data on the drive included the Arkansas National Guard personnel file dating back to 1991–complete with names, social security numbers and other personal information which could put the affected Soldiers at risk for identity theft.

Thus far, there is no evidence to suggest foul play. The Guard remains hopeful that the drive is simply misplaced. However, the Guard is making every effort to identify those affected and alert them of the potential data risk.

That is good news–assuming that the Guard is correct and the data isn’t in the hands of anyone with malicious intent. But, what if they’re wrong? Or, what if they’re right that the drive was innocently misplaced, but someone with less-than-honorable intentions locates it before they do?

The fact is that the Arkansas National Guard–and any other organization storing sensitive or confidential information–could have avoided any potential breach of the data by encrypting it. A lost drive doesn’t have to put data at risk if the data it contains is properly protected.

Zecurion Zserver Suite protects data at rest. Zserver Storage’s hard disk encryption functions transparently, ensuring the safety and security of data even if the storage media device is removed–as is often the case for external hard drives. None of the data, including the file allocation tables or any Zserver Storage supporting files, are accessible without authorized encryption keys.

Zserver Storage encrypts most types of data storage hardware and devices including IDE and SCSI hard drives, RAID mirrored drives, CD/DVD optical disks and magnetic tapes, making Zserver Storage a viable, cost-effective alternative to other encrypted storage hardware solutions such as network storage appliances.

The bottom line is that it is unreasonable to expect users not to store sensitive or confidential data on drives–whether internal or external. It should be assumed that drives will contain such information, and organizations should proactively encrypt the data using a product like Zserver Suite to ensure it is protected from unauthorized access no matter where the drive ends up.

Tags: , , , , , ,
Posted in Data Storage Security, Security Breaches & Data Loss Incidents | No Comments »

North Carolina Server Breach Exposes Sensitive Data

Sunday, December 20th, 2009

More than 50,000 users had sensitive information, including drivers license and Social Security numbers, exposed during a server breach in August. The breach of a server at the community college System Office in Raleigh occurred on August 23rd, and officials were aware as of August 24th. An investigation was allegedly begun immediately, but news of the breach was just made public this week–almost four months later.

The official press release regarding the incident explains “The NC Community College System Office began notifying nearly 51,000 library users from 25 community colleges that a security breach occurred on a computer server containing their personal information, including Social Security or driver’s license numbers. All reviews and investigations indicate that no personal information was accessed by the intruder. However, library users with such information on the server will soon begin receiving letters explaining the attack, steps being taken to prevent future breaches and actions they may take to protect their credit and to ensure protection from identify theft.”

The press release describes the attack as a succesful password cracking attempt via the Internet. There are some other questions to answer regarding password complexity and/or how an attacker was able to conduct a password cracking remotely from the Internet, but had the data on the server been encrypted it would have been protected even if the actual server security was breached.  

Tags: , , , , , ,
Posted in Security Breaches & Data Loss Incidents | 1 Comment »