Lost laptop exposes thousands of pension records
Quest to free all world's imprisoned data continues
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Exclusive A lost laptop containing the personal data of 109,000 Pensions Trust members has sparked the latest in a growing list of information security breach alerts.
The missing machine was stolen from the offices of NorthgateArinso, suppliers of the Pensions Trust's computerised pensions administration system, where it was being used "as a database for development, training and performance testing".
Data on the drive was not encrypted but it was password protected - as if that provides much in the way of reassurance. Data held on the laptop included name, address, date of birth, NI number, name of employer, salary details, name of and relationship to nominees and, for those drawing a pension, bank account details.
Members of six of the Pension Trust's 39 schemes were affected by the breach. The records potentially exposed data from May 2007.
The Pensions Trust sent out letters this week informing affected members that their personal details have potentially been exposed as a result of the breach.
Scans of the letter and factsheets on the breach can be found here. ®
COMMENTS
Not a care about the laptop. All we care about is the data
The comments on here are interesting as they show that all anyone really cares about is the data on the device, not the device itself.
The data in this case isn't protected by encryption, just a password. But knowing the data is on the device, would it make any difference to the peoples perceptions that their private data is on that device?
Surely knowing the data has been removed from the device would be a lot better? Utilising the internet or mobile phone networks you can receive this reassurance through a tool like BackStopp. The data is removed and a report is made available detailing the removal of such data. What price would the company in question pay for that functionality now?
Database?
well MS Access is Database. You might have strong objections against MS Access (I do as well), but it is still a relational database
if it was MS Access 2007, then it could be encrypted using decent ACCDE format (please note word decent, I did not use word good).
Database?
"Data on the drive was not encrypted but it was password protected"
It's not a *database* it's Access
(it is isn't it?)
AndyD 8-)#

IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider