Oh no … not again! On Tuesday, Boeing revealed that an employee’s laptop with sensitive information about more than 380,000 current and former employees had been stolen from a car. This is the third such case at Boeing this year.
The Privacy Rights Clearinghouse has been monitoring reported data breaches since February 2005. According to their website, this incident has pushed the total number of records breached to over 100,000,000.
The interesting thing about the list that they maintain is just how often the security breach results from something like this rather than a hacker breaking into the systems. Here, for example, is a rough analysis of data from the excellent Attrition “Data Loss Database – Open Source” (DLDOS for short) from Dec. 28, 2006:
Although the numbers for stolen/lost laptops look very low (personally, I suspect that some laptop losses might have been lumped into stolen/lost computers?), the impact of poor physical security measures is clear – amounting to over 1/3 of the reported security breaches.
OK … onto my soap box. I know that security awareness education isn’t going to prevent all thefts, but you have to believe that a relatively small investment in education (in parallel with technological measures such as automatic disk encryption) would pay for itself pretty quickly!