Losing a laptop is no fun; not only do you have to get a replacement, all of the files that were on the original are lost. Additionally, depending on the way in which the files were lost, they could potentially in the hands of someone else.
Now, imagine that kind of situation, but with the added headache of it being a work laptop. And then, just to make matters worse, factor in that said lost laptop contains the personal information of more than 10,000 employees at your company, and you have the exact scenario facing one particularly unlucky NASA employee.
The laptop was apparently stolen from the car of an unnamed NASA employee parked at the agency’s Washington, D.C. headquarters on October 31 this year, according to a report released yesterday by the organization’s Office of Inspector General. The report, written by the Inspector General Paul K. Martin himself, explains that the laptop “contained hundreds of files and e-mails with the Social Security Numbers and other forms of personally identifiable information (PII) for more than 10,000 current and former NASA employees and contractors,” adding that “although the laptop was password protected, neither the laptop itself nor the individual files were encrypted.”
The report also claims the laptop’s owner is at least in part to blame for any potential security breach that could occur as a result of the theft, pointing out that “NASA has a variety of options available to help prevent unauthorized access to data stored on its laptop computers,” and that “password protecting a computer using the machine’s operating system is the least effective way to prevent unauthorized access given the relative ease by which hackers can bypass a computer’s logon/password screen and gain full access to stored data.” As a result of this theft, NASA actually changed its security protocols, making it forbidden to remove all non-encrypted laptops from NASA facilities.
As embarrassed as he (or she) must feel over the theft and lack of security in place on the laptop, the owner of the laptop shouldn’t feel as if she (or he) was alone in experiencing this kind of thing. Martin noted that 62 NASA laptops were stolen this year, up from 2011′s total of 45. If that figure sounds particularly high to you, it’s worth placing it in context; NASA owns or leases “upwards of 60,000 desktop and laptop computers,” according to the report, with the agency currently tracking tens of thousands of laptops at any one time.
The theft of the laptop is an expensive one in more than just pride for NASA. Martin writes that, as a result of the theft, the agency contracted a company to provide credit monitoring services for all those who may have been impacted by the theft, with the price tag for those services totaling between $500,000 and $700,000. The moral of this story? Don’t leave your laptops in your cars unattended – and just encrypt everything on there, just in case.
(Via.)
Call the cops NASA. They’ll help you out (NOT!). With security software like Devicetrack.net , laptops can be located and reclaimed by Police. Why doesn’t every Gov employee have this on their laptop? At a minimum, they could wipe the data remotely with this kind of software.
This is why I only give my social security number out to the IRS and my accountant. Everyone else doesn’t need it.
Can I have it?
ok, let me mail it to you. I just need your name and physical address
Ok But I’ll need your CC# Before I can give it to you.
I can’t send you my CC# until I have your address. We here at Jesterking Dynamic pride ourselves on customer satisfaction. We care to leave a paper trail of your personal information scattered aimlessly. So much so that we do not use computers. Use them? We don’t even know how to turn them on. So to provide you with a quality identity theft experience, we require all communications to be submitted via postal service. Additional iteams that will help us abuse you that you could consider submitting to us, is a sample of your DNA (eye lash, blood, saliva, etc.), mothers maiden name, current and past three addresses, social security number, street your grew up on, name of siblings, signature, and the names and addresses of all of your immediate family members. Thank you for contacting us with your inquiry. Remember, you’re satisfaction is guaranteed. If you do not feel your identity was properly and efficiently defamed within 30 days, we will return the items you sent us, no questions asked.
Items even…
Its pretty easy to bypass a password to get at files, Just get a boot CD of ubuntu and explore that Harddrive.
or plug the hdd in an external usb case and explore that way as well. Unless, of course, the drive is encrypted. TrueCrypt FTMFW!