HSBC has admitted that it has misplaced 370,000 customer details, which were put in the post a month ago on an unencrypted disc. The envelope has not arrived at its intended destination - a reinsurance firm. A spokesman for HSBC told the Reg: "We have sent a disc to our reinsurers which they never received. The disc was not …
Hardware encrypted USBs
Why not use them? They are inexpensive and if found, can't be hacked.
One way to stop this nonsense
Make it illegal to put sensitive information in an unsecured place.
The idea of who is guilty is something that's already pondered with the culpable responsibility laws (eg, if I get an idiot to put a system on an oil rig to prevent another Piper Alpha and that system didn't work, I get charged with murder as I should know the idiot wasn't up to the job). That way they don't blame someone who is new to the job, but instead blame the ones that gave them the data or told them to send it in the post without checking it's properly secured.
And don't fine the people involved. A nice little custodial sentence will put the willies up them (so to speak) and stop others from being so careless.
Couldn't have put it better myself ;o)
How many times?
Interesting to note that there's been a rash of these stories recently. They're obviously newsworthy since the Revenooers lost all the Child Benefit data last November, but considering the number of times these disks have gone missing since, we must presume this sort of stuff happens all the time.
Re: How many times
It happens all the time. A recently closed ice rink round here has dumped all their customer details in a skip. Names, ages, etc of kids. One guy referred to it as a "pedo's goldmine" or something similar.
Hang them all, hang them all, hang them all!
... wait. Was this a big deal? Some names and dates of birth and smoker status? This matters... why? No use for identity theft. No use for an invasion of privacy - if you know anyone on the list you already know roughly how old they are, and smoker status isn't a secret (for any smokers labouring under the misapprehension that we don't know you smoke, I'm afraid the smell betrays you at first introduction).
@wize - a list of names and ages of kids is a 'pedo's goldmine'? WTF? Like the presence of children in a household is a mysterious secret which strangers can't uncover?
Please gentlemen, let's try to keep a sense of perspective here.
There's never a rolling eyes smilie when you need one.
Also included were addresses, phone records and even medical details.
Re: I put this on the e-crime thread but figured it was pertinent here too
"We've set them up password protected HTTPS upload functionality and SFTP connections but apparently it's not covered in their current security documentation"
Opening port 22 in a firewall for sftp leaves them vulnerable to bypassing the firewall using ssh port forwarding.
Also any encrypted traffic passing out of a network can't be monitored by the network admins so I'm not surprised that it's not allowed.