Losing a laptop is no fun; not only do you have to get a replacement, all of the files that were on the original are lost. Additionally, depending on the way in which the files were lost, they could potentially in the hands of someone else.
Now, imagine that kind of situation, but with the added headache of it being a work laptop. And then, just to make matters worse, factor in that said lost laptop contains the personal information of more than 10,000 employees at your company, and you have the exact scenario facing one particularly unlucky NASA employee.
The laptop was apparently stolen from the car of an unnamed NASA employee parked at the agency’s Washington, D.C. headquarters on October 31 this year, according to a report released yesterday by the organization’s Office of Inspector General. The report, written by the Inspector General Paul K. Martin himself, explains that the laptop “contained hundreds of files and e-mails with the Social Security Numbers and other forms of personally identifiable information (PII) for more than 10,000 current and former NASA employees and contractors,” adding that “although the laptop was password protected, neither the laptop itself nor the individual files were encrypted.”
The report also claims the laptop’s owner is at least in part to blame for any potential security breach that could occur as a result of the theft, pointing out that “NASA has a variety of options available to help prevent unauthorized access to data stored on its laptop computers,” and that “password protecting a computer using the machine’s operating system is the least effective way to prevent unauthorized access given the relative ease by which hackers can bypass a computer’s logon/password screen and gain full access to stored data.” As a result of this theft, NASA actually changed its security protocols, making it forbidden to remove all non-encrypted laptops from NASA facilities.
As embarrassed as he (or she) must feel over the theft and lack of security in place on the laptop, the owner of the laptop shouldn’t feel as if she (or he) was alone in experiencing this kind of thing. Martin noted that 62 NASA laptops were stolen this year, up from 2011′s total of 45. If that figure sounds particularly high to you, it’s worth placing it in context; NASA owns or leases “upwards of 60,000 desktop and laptop computers,” according to the report, with the agency currently tracking tens of thousands of laptops at any one time.
The theft of the laptop is an expensive one in more than just pride for NASA. Martin writes that, as a result of the theft, the agency contracted a company to provide credit monitoring services for all those who may have been impacted by the theft, with the price tag for those services totaling between $500,000 and $700,000. The moral of this story? Don’t leave your laptops in your cars unattended – and just encrypt everything on there, just in case.