What is happening with English data security?
- Thread starter Yramrag
- Start date
demonherald
New member
It\'s the latest in a long long string of complete cock ups...
I think half the worry is that it has been going on for ages but it\'s only the last year or so that the news has gotten a hold of it.. there just seems to be a lack of loic being applied a lot of the time..
I think half the worry is that it has been going on for ages but it\'s only the last year or so that the news has gotten a hold of it.. there just seems to be a lack of loic being applied a lot of the time..
Its always been bad, its just now people are noticing and its hitting the news.
I\'d bet theres been huge losses of data in the past and no ones noticed.
For example Halifax accidentally sent me 5 copies of full customer histories (my own and four strangers), it was meant to be an internal mail envelope but someone must have stuck it in external and it went to me because royal mail opened it and found my address on first page.
At work now (i work in IT for a telco) our laptops are all encrypted incase anyone loses one (impossible to recover data without the pass key) and we have usb pen drives with encryption for documents, companies are starting to take notice and take precaution.
I\'d bet theres been huge losses of data in the past and no ones noticed.
For example Halifax accidentally sent me 5 copies of full customer histories (my own and four strangers), it was meant to be an internal mail envelope but someone must have stuck it in external and it went to me because royal mail opened it and found my address on first page.
At work now (i work in IT for a telco) our laptops are all encrypted incase anyone loses one (impossible to recover data without the pass key) and we have usb pen drives with encryption for documents, companies are starting to take notice and take precaution.
It just makes me think - what\'s so difficult about STOPPING these electronic data losses - they aren\'t caused by infiltration by hackers or theft from the source - but by idiots taking the data out on memory sticks, CDs and whole laptops! :evil:
Surely the easiest thing is not to allow people to take any of these OUT of the secure area. I know it\'s easy to accidentally carry out a memory stick, but the only thing you\'d need is a small sensor that sets off an alarm if someone has one on them - like at supermarkets and libraries.
Or am I missing something? :cussing:
Surely the easiest thing is not to allow people to take any of these OUT of the secure area. I know it\'s easy to accidentally carry out a memory stick, but the only thing you\'d need is a small sensor that sets off an alarm if someone has one on them - like at supermarkets and libraries.
Or am I missing something? :cussing:
johnboyjjb
Active member
Most of those are activate (deactivated) with magnets which are generally not good for data storage systems.
I know we got the complete history of some poor guy when the stapled his eviction notice to the side of our house instead of his. It was an issue of NW and SW in the address. This had social security numbers and credit history as well as loan numbers.
PegaZus
Stealth Freak
Lesse.... CDs, DVDs, older memory sticks, email, off-network storage, Fed-Ex, general hackers, and small screwdrivers for removing the sensors.
It would be too easy to walk out with any type of electronic media, which on second thought was your point in the first place. But, just slapping a sensor on the new ones won\'t solve the problem either.
Course, the company I used to work for has what seemed at the time an extreme policy for computers: When one computer was retired, or even reassigned, the entire hard drive was overwritten five times with random information, then the actual magnetic disk was sent into the shredder before being burned.
And yet it takes ONLY ONE executive running late to leave his laptop sitting in the plane with all kinds of information. Stupidity will defeat policy any day.
Shawn R. L.
New member
It\'s happening all the time. This is one of the latest here - ONE guy locked out ALL OF SAN FRANCISCO from their own network.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/16/BA4011PFJP.DTL
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/16/BA4011PFJP.DTL
One great problem with the data losses in the UK is that so much of the Civil Service has now been outscourced to so many differing companies, EDS, Fujitsu and others that there is now no central control.
Outscourcing companies are hiring on \"lowest cost/highest profit\" methodologies which in turn leads to employees not giving a Sh*t.
Data losses are not uncommon, it happened regularly when I was a civil servant in the 80\'s, BUT in those cases all the courier transmission was internal, not via a contractor on cheapest cost contracts.
The first of the most recent data losses occurred when a 3rd party company lost data for the Department of Works and Pensions and of course what was never reported was not just the loss of data but the cost of lost working hours trying to trace the physical medium of the data. We are talking several thousand hours of staff hours just doing manual searches just ensuring that there hadn\'t been a mis-filing of the media. (How do I know that....My wife monitors the processes for one of the companies which were expecting the data which wqas missing.)
The latest data loss is down to a couple of things:
1: The company disposing of the equipment being damn careless about scrubbing the hard drives.
2: Someone in the disposal company trying to make a fast profit by selling something on the sly.
Disposal of IT equipment in the UK is governed by so many regulations that most IT departments have to outsource otherwise the overheads become stupid and prohibitive.
Outscourcing companies are hiring on \"lowest cost/highest profit\" methodologies which in turn leads to employees not giving a Sh*t.
Data losses are not uncommon, it happened regularly when I was a civil servant in the 80\'s, BUT in those cases all the courier transmission was internal, not via a contractor on cheapest cost contracts.
The first of the most recent data losses occurred when a 3rd party company lost data for the Department of Works and Pensions and of course what was never reported was not just the loss of data but the cost of lost working hours trying to trace the physical medium of the data. We are talking several thousand hours of staff hours just doing manual searches just ensuring that there hadn\'t been a mis-filing of the media. (How do I know that....My wife monitors the processes for one of the companies which were expecting the data which wqas missing.)
The latest data loss is down to a couple of things:
1: The company disposing of the equipment being damn careless about scrubbing the hard drives.
2: Someone in the disposal company trying to make a fast profit by selling something on the sly.
Disposal of IT equipment in the UK is governed by so many regulations that most IT departments have to outsource otherwise the overheads become stupid and prohibitive.
Mr.S.Marbo
New member
I don\'t think it\'s anything new at all. Also I think the idea it\'s just the public sector that loses and mishandles data is simply not true. It\'s just that the public sector deals with so much information that any mistake is big. Private companies have been losing data well before the big Child Benefit loss. I remember one of those investigation type shows on TV a long time ago. They were looking at high street banks and building societies. They just went through their rubbish and found letters and bank statements in some cases with full personal details on.
A report by the Financial Services Agency in the UK found a \"lack of awareness that customer data is a valuable commodity for criminals,\" and that \"as a consequence, systems and controls are often weak and sometimes absent.\" They concluded that many firms in the financial sector were still not taking the risk of identity theft seriously.
Lets face it companies are there for one thing, to make profit, and if they can still do this and skimp on data security then they will. That\'s why all sorts of things are contracted out to other private companies based on cheapest price rather than safest.
A report by the Financial Services Agency in the UK found a \"lack of awareness that customer data is a valuable commodity for criminals,\" and that \"as a consequence, systems and controls are often weak and sometimes absent.\" They concluded that many firms in the financial sector were still not taking the risk of identity theft seriously.
Lets face it companies are there for one thing, to make profit, and if they can still do this and skimp on data security then they will. That\'s why all sorts of things are contracted out to other private companies based on cheapest price rather than safest.
I run an archive with about 40000 boxes, every thing from patient records to criminal bundles, and or though everyone talks about data security no one has ever check myself or my staff for even a speeding ticket!!
All our paper waste is shredded and recycled but I know a \"confidential shredding\" company that takes all of its paper straight to the recycler and does nothing to it!!! I know this because when one of his clients asked to see his facilities he had to bring them round to my warehouse and \"pretend\" that he owned our shredder!!!!!
All our paper waste is shredded and recycled but I know a \"confidential shredding\" company that takes all of its paper straight to the recycler and does nothing to it!!! I know this because when one of his clients asked to see his facilities he had to bring them round to my warehouse and \"pretend\" that he owned our shredder!!!!!
generulpoleaxe
New member
the passports with biometric data are the first step and they have already lost loads (some blatantly stolen) and have found that it takes just a few minutes to make these usable.
we were better off before WWI to be honest, as goverments didn\'t medle in every persons lives as much.
airhead
Coffin Dodger / Keymaster
The same thing that is happening to electronic security worldwide.
Not too long ago, all that information was keept in mainframes with harddrives the size of dishwashers.
Now, every mid and upper level executive HAS to have a laptop and blackberry to fit in. And of course they cannot be asked to stay in their offices and work - they have a laptop after all.
So we have all that data traveling around the world in little black bags as carry-on.
Not to mention that the data itself can be pulled off onto a chip the size of your thumbnail - and marketed for a tidy profit.
Not too long ago, all that information was keept in mainframes with harddrives the size of dishwashers.
Now, every mid and upper level executive HAS to have a laptop and blackberry to fit in. And of course they cannot be asked to stay in their offices and work - they have a laptop after all.
So we have all that data traveling around the world in little black bags as carry-on.
Not to mention that the data itself can be pulled off onto a chip the size of your thumbnail - and marketed for a tidy profit.
