A break-in at Middlesbrough Council has resulted in the loss of nine laptops containing sensitive case files on up to 63 vulnerable children. The laptops, used by social workers to keep case records about vulnerable kids and their families, were password protected and protected by "some encryption", the BBC reports. Nonetheless …
In my experience children are more at risk from the council than anyone who comes into possession of the data.
And no, i am not using the joke icon.
"While this theft may have been entirely opportunistic, with the laptops already sold on,..."
It is true that "when they picked up the laptops" the crooks probably didn't know what they were getting. However, it would be naively optimistic to assume that they didn't look before passing them on, or that their fence does not do so before deciding how to finally dispose of the items.
What the hewl?
It's hard to believe how incredibly stupid government agencies are.
When I were a lad one of the things drummed into us was not to keep other people's personal data on computer. That you could go to gaol for keeping other people's data online -even if you were running a charity or social club.
So now we have the idiots in charge of the most personal of personal data actually employed by the people who police us all and the data of all data being hung out like washing on a line left overnight.
I dare say they will issue an apology then forget everything they might have learned.
Criminal idiocy has its feet well under the table at night in Britain.
At least there was some encryption
It may not be much, but by the sounds of it, at least they tried to protect the data in the event of a theft.
Which when you compare it to other such stories is more than you would normally expect from a local council operation.
I know all the laptops at work here, have their entire HDD's encrypted using PGP in case of such eventualities, and although I'm sure a dedicated hacker could work their way round it with enough time / resources etc. (I'm not naive enough to believe any security is uncrackable) it would certainly stop the majority of people from accessing the data.
I say sorry to the people who have lost their machines, and to the children who's support will have been delayed / impacted, but well done to the IS team for thinking ahead enough to have done something.
Probably means they have their mail client set for encryption, most councils wont be using any real encryption methods
But who really knows?
What we're left with is a huge uncertainly about the quaility of the protection.
The Americans set a formal standard, but what was good enough 10 or 15 years ago might be looking pretty flimsy now.
And, if it's decent encryption, rather than a passworded zipfile, hardly anyone outside of GCHQ has a chance of getting at the data.
Heck, if you put a Suduku game in the StartUp folder, most crooks would waste a couple of days trying to log in.
@ I. Aproveofitspendingonspecificprojects
I suggest you clarify whose spending you approve of.
And BTW, would you like another "pee".
Doesn't mean much. If they were serious, they'd have all the data locked up on a single server with good encryption, and that server locked up somewhere secure (ie, within a cage).
This stuff is akin to Networking 101. Why can they just not follow it properly?
@Dave the standard changed in 2002
AES (advanced encryption standard) so far as I know isn't very susceptible yet to brute forcing especially in 256 bit key length but of course it may not have been used in this case.
The definition of stupidity
It's interesting to see the comments put on here - partly because most seem to be resigned to losing the equipment in the first place.
How about ensuring the laptops were put away in a half-decent metal cupboard with a good strong lock on it, behind a door similarly secured. If the scum can't see or know where the equipment is stored - or even if they do they find it very difficult to get near the stuff - then how are they going to nick it?
Security isn't restricted to technology - it starts and ends with people. Make the users aware and appreciate the need to care for the equipment as if it were their own and give them the means to store their equipment properly and not such stuff sitting on desks. If they wish to retain a cavalier attitude, then make them personally responsible for loss, damage or theft. Common sense rarely prevails in a Council sadly, so this certainly won't come from their so-called review. Idiots.
Not that the Council staff involved would care. They're probably looking through a Dell catalogue right now and slobbering over some tat.
This data should be stored on a network drive, so if the laptops get nicked, there's nothing sensitive on them.
Local storage is a big no-no in my part of the NHS, and should be in SS circles too.
While this is not relevant to this issue but the strangest things must go through a thief's porported mind when the alarm goes off.A good few years ago at one firm I worked for had several thousand pounds worth of booze wine etc.(not under lock and key) the person who broke in did not take any of this instead took the office kettle and vacuum cleaner.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Game Theory The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Worstall on Wednesday Wall Street woes: Oh noes, tech titans aren't using bankers
- Kate Bush: Don't make me HAVE CONTACT with your iPHONE