Computer SecurityLaptop Theft Puts Customer Data At Risk

GMAC Financial Services recently began informing customers that their personal data has been severely compromised. Two laptops containing customers' personal data were stolen from a GMAC vehicle in Atlanta recently, exposing the names, addresses, dates of birth, Social Security numbers, credit scores, marital status, and genders of 200,000 people.

As one particularly on-point customer said after receiving notice that his information had been stolen: "I'm not sure how or who determines what constitutes 'secure' when it comes to customers' personal information. However, if company guidelines deem it acceptable to house that data on laptops, in parked cars, then I would question their competence to establish any process and procedure to ensure the security of any data anywhere."

The first article I read about this little fiasco made a big fuss about how great it was that the data on these stolen laptops was "password protected." I thought that this was definitely either misunderstanding coupled with excessive faith in The Man, or it was intentional misunderstanding to avoid a public loss of faith in him. When I read that I thought "yeah, but these are old people, they probably think that putting stuff in 'My Documents' and putting a password on their windows account is security."

So I did a little Google search, read a little more, and uncovered the truth. Yeah, they had "password protection," but no actual encryption. What this means is that if I had these laptops I could get access to that data in 30 seconds, and I honestly don't know shit about security.

This is nothing less than what I expect from a generation that has to be told that the Internet is a good place to look for prior art when investigating patents.

I don't pretend to have answers. I don't know how we can force people to just learn a little about the technology they use every day. I just call them as I see them.

Advertisements