• Effective immediately we will be deleting, without notice, any negative threads or posts that deal with the use of encryption and streaming of scanner audio.

    We've noticed a huge increase in rants and negative posts that revolve around agencies going to encryption due to the broadcasting of scanner audio on the internet. It's now worn out and continues to be the same recycled rants. These rants hijack the threads and derail the conversation. They no longer have a place anywhere on this forum other than in the designated threads in the Rants forum in the Tavern.

    If you violate these guidelines your post will be deleted without notice and an infraction will be issued. We are not against discussion of this issue. You just need to do it in the right place. For example:
    https://forums.radioreference.com/rants/224104-official-thread-live-audio-feeds-scanners-wait-encryption.html

Laptop With D.C. Workers' Data Stolen

Status
Not open for further replies.

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
N

N_Jay

Guest
MacombMonitor said:
Here we go again! This type of data has no business being on the hard drive of a unsecured computer...let alone without password protection. Not that a password would stop an expert, but at least it would show some effort to protect the data! :roll:

Outright criminal negligence, and should be charged as such!

Laptop With D.C. Workers' Data Stolen
http://hosted.ap.org/dynamic/stories/D/DATA_THEFT_DC?SITE=MIPON&SECTION=HOME&TEMPLATE=DEFAULT
It is hard to believe a bank would not have mandatory security in place.
 
N

N_Jay

Guest
seamusg said:
Sounds like they don't have any security if the data can even be loaded onto a laptop.
Not necessarily, the person might have been using it in their job.
Not all data is convenient to work with on-line.

Most bigger companies have established password security plans in place that are fairly hard for the employees to get around.

Not sure why a bank would not.

As for the laptop, I am sure it went to the swap-meet with the hard drive wiped.

The chance of someone knowing what the data is AND knowing how to use it is slim.
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
This isn't the first time this occured at ING!

In the last paragraph of the article:

"Two other ING laptops containing information on 8,500 Florida hospital workers were stolen in December, but the employees were not notified until this week, said ING spokesman Chuck Eudy. Neither laptop was encrypted, he said."
 

seamusg

Member
Joined
Feb 10, 2004
Messages
2,181
Location
Grand Blanc, MI
MacombMonitor said:
This isn't the first time this occured at ING!

In the last paragraph of the article:

"Two other ING laptops containing information on 8,500 Florida hospital workers were stolen in December, but the employees were not notified until this week, said ING spokesman Chuck Eudy. Neither laptop was encrypted, he said."
If the allow downloading of employee data onto laptops then they have no security.
 
N

N_Jay

Guest
seamusg said:
If the allow downloading of employee data onto laptops then they have no security.
We don't know what the data file was.:confused:

We don't know the responsibility of the ING employee.:confused:

We don't know that task they were working on.:confused:

Yet, you KNOW that "customer" data should not have been on the laptop.:confused:
(I am assuming the Washington Employees, or the city itself, is an ING customer)

I guess you are "all knowing", hu??:roll:

(Sorry for the sarcasm, but people here just LOVE to draw conclusions and state them as facts.):evil: :evil:
 

seamusg

Member
Joined
Feb 10, 2004
Messages
2,181
Location
Grand Blanc, MI
N_Jay said:
We don't know what the data file was.:confused:

We don't know the responsibility of the ING employee.:confused:

We don't know that task they were working on.:confused:

Yet, you KNOW that "customer" data should not have been on the laptop.:confused:
(I am assuming the Washington Employees, or the city itself, is an ING customer)

I guess you are "all knowing", hu??:roll:

(Sorry for the sarcasm, but people here just LOVE to draw conclusions and state them as facts.):evil: :evil:
There is NEVER a condition where Employee data should be allowed to be on a laptop.
 

rhutch

Member
Joined
Feb 5, 2005
Messages
568
Location
Ontario
Actually I beleive it was customer info. the City employee's are customers of ING. Customer info is on laptops all the time. Now what level of data is another story.
 
N

N_Jay

Guest
seamusg said:
There is NEVER a condition where Employee data should be allowed to be on a laptop.[/IMG]
Wow, I guess no one works from home, or does any work while traveling anymore.:roll: :roll:
 

seamusg

Member
Joined
Feb 10, 2004
Messages
2,181
Location
Grand Blanc, MI
N_Jay said:
Wow, I guess no one works from home, or does any work while traveling anymore.:roll: :roll:
Employee data should never go home. The person who had it on his laptop, and his boss and the sys admin that allowed the data to be downloaded should all be fired and made to pay all damages.
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
N_Jay said:
Wow, I guess no one works from home, or does any work while traveling anymore.:roll: :roll:
If the database was managed properly, the person with the laptop could possibly work with a sub-set of the data file. It could be void of any personal data that could be a risk, such as Social Security Number, Phone Number, etc, yet still contain a key field to relate back to the master database when updating.

ie:

Master Database

Account No:
First Name:
Last Name:
Address:
City:
State:
Zip:
Home Phone:
Work Phone:
SocSec No:
Savings Acct No:
Checking Acct No:
Beneficiary:
Account Manager:
Sign Up Date:

SUB-SET OF DATA (on laptop)

Account No:
City:
State:
Zip:
Savings Acct No:
Checking Acct No:
Account Manager:
Sign Up Date:


Then after the date on the laptop is updated, it could be merged back into the master database, keyed on the Account No. Of course the database fields would vary, this is just one example.
 
Last edited:
N

N_Jay

Guest
MacombMonitor said:
If the database was managed properly, the person with the laptop could work with a sub-set of the data file. It could be void of any personal data that could be a risk, such as Social Security Number, Phone Number, etc, yet still contain a key field to relate back to the master database when updating.

ie:

Master Database

Account No:
First Name:
Last Name:
Address:
City:
State:
Zip:
Home Phone:
Work Phone:
SocSec No:
Savings Acct No:
Checking Acct No:
Beneficiary:
Account Manager:
Sign Up Date:

SUB-SET OF DATA (on laptop)

Account No:
City:
State:
Zip:
Savings Acct No:
Checking Acct No:
Account Manager:
Sign Up Date:


Then after the date on the laptop is updated, it could be merged back into the master database, keyed on the Account No. Of course the database fields would vary, this is just one example.
And you are making the ASSUMPTION that the "personal data" was not needed for the task?
 

seamusg

Member
Joined
Feb 10, 2004
Messages
2,181
Location
Grand Blanc, MI
MacombMonitor said:
If the database was managed properly, the person with the laptop could work with a sub-set of the data file. It could be void of any personal data that could be a risk, such as Social Security Number, Phone Number, etc, yet still contain a key field to relate back to the master database when updating.

ie:

Master Database

Account No:
First Name:
Last Name:
Address:
City:
State:
Zip:
Home Phone:
Work Phone:
SocSec No:
Savings Acct No:
Checking Acct No:
Beneficiary:
Account Manager:
Sign Up Date:

SUB-SET OF DATA (on laptop)

Account No:
City:
State:
Zip:
Savings Acct No:
Checking Acct No:
Account Manager:
Sign Up Date:


Then after the date on the laptop is updated, it could be merged back into the master database, keyed on the Account No. Of course the database fields would vary, this is just one example.
When I was working we had a system called Secure ID, which was a dialup access to the company network where you had a card with a number that changed every 60 sec. or 15 sec. (for higher access accounts) the number was part of your password. Each login had a limited amount of access to systems. On some of the systems my login had to have a special one hour access activated to use it. This was for accessing the phone line testing equipment.
 

MacombMonitor

Member
Joined
May 18, 2005
Messages
3,551
N_Jay said:
And you are making the ASSUMPTION that the "personal data" was not needed for the task?
No, as I said:

"Then after the date on the laptop is updated, it could be merged back into the master database, keyed on the Account No. Of course the database fields would vary, this is just one example."


There you go again N_Jay! Just stirring up more useless thread clutter!
 

Attachments

n4voxgill

Silent Key
Joined
Dec 15, 2000
Messages
2,579
Location
New Braunfels, TX
Without knowing what this persons job responsibilities were, I don't think we can judge what information was needed. An account representative that goes from one DC work site to another working with employees may well need all of the information.

It is so easy to jump to wrong conclusions when you don't have all of the facts. But there is no excuse for not having a high level of pass word protection.
 
N

N_Jay

Guest
seamusg said:
Employee data should never go home. The person who had it on his laptop, and his boss and the sys admin that allowed the data to be downloaded should all be fired and made to pay all damages.
Just curious, is this based on some particular requirement of a particular industry?
 
N

N_Jay

Guest
n4voxgill said:
Without knowing what this persons job responsibilities were, I don't think we can judge what information was needed. An account representative that goes from one DC work site to another working with employees may well need all of the information.

It is so easy to jump to wrong conclusions when you don't have all of the facts. But there is no excuse for not having a high level of pass word protection.
Well put, (but seamusg and MacombMonitor might not agree):roll:
 
N

N_Jay

Guest
seamusg said:
It's seems to be a trend that data on laptops keeps disapearing lately.
I think Laptop theft has been an issue ever since laptops were invented.

Like a lot of things in the news, it has much more to do with how much attention the media is putting on the issue then how important the issue really is.

Identity theft is a high news item, so it is highlighted.

I have used the RSA Security SecureID system. It is a nice way to add a layer of security in top of a password protected VPN.

It still does not address the need for a secure password system on the Laptop itself.
I don't think they have a version that does not require a server to verify the password/secure key pair.
 
Status
Not open for further replies.
Top