A quarter of banks' data breaches are down to lost phones and laptops

One in four breaches (25.3 per cent) in the US financial services sector over recent years were due to lost or stolen devices, according to a new study. Cloud security firm Bitglass further reports that one in five recorded breaches over the last 10 years were the result of hacking. More than 60 financial sector organisations …

  1. Hollerithevo Silver badge

    Carelessness costs cash

    I had a manager who was let go due to a personality clash with a more senior manager (the better manager left, of course). And what also went? A smartphone, a tablet and a laptop. My manager had them in his possession, realised this, and tried to return after he had left the company (he had been ill when the remainder date actually happened), but could not get anyone to take them off his hands. He used the phone for over a year, free, by way of pay-back. The laptop and tablet are sitting somewhere, locked down and unusable, unless they fall into evil hands. Not a f*ck was taken by the bank about this equipment.

    1. Jay 2

      Re: Carelessness costs cash

      Hmm, that's quite careless! At my current place various departments/groups are prodded via an HR-started process to reclaim all such devices and shut down any accounts when an employee is scheduled to leave. I'm pretty sure the phones would get a remote wipe too.

    2. C0p3n

      Re: Carelessness costs cash

      I have personal experience with this. Someone ran off with a laptop when she was fired and I was told to "not worry about it" when I pressed hers and my management to try and get it back. Banks know no kind of information security. Users got mad when we told them they couldn't plug random flash drives into their computers anymore.

  2. Anonymous Coward

    Well certainly works well at the Home Office (ime)

  3. Anonymous Coward

    It'll all be fixed with biometrics..

    Isn't that what they want us to believe now...

  4. Alan Brown Silver badge

    “To stay one step ahead as data moves beyond the firewall, firms in this sector must encrypt cloud data at rest, control access by contextual risk, and protect data on unmanaged devices.”

    Breaches due to these kinds of issues should pass vicarious liability onto the management - by law.

    Once that happens, they'll stop in a very short period.

    1. Calleb III

      Once that happens, they'll stop in a very short period.

      So never...

  5. Stevie Silver badge

    Bah!

    Stap me! That's one for the books, that is. Who'd have thought it. Etc etc etc.

  6. Sproggit
    FAIL

    Conflated Issues

    You're mixing up your stories in an attempt to make this sound more relevant than it is...

    For example, you quote the 2014 JPMorgan breach, which was the result of a hack of servers and nothing whatsoever to do with phones or laptops.

    The same will likely be true of most, if not all, US companies. This is due to a Californian "Data Breach Reporting Law" that requires any institution that experiences the loss of non-encrypted data relating to clients to notify those clients - a requirement that now applies across the US. As a result of that one piece of legislation, most US banks [i.e., read : "ALL"] instigated processes to ensure that EVERY company-owned mobile asset [laptop, Blackberry, etc, etc] met the minimum encryption requirements, so that the loss of an item explicitly *didn't* trigger data breach reporting requirements.

    That being the case, how could your article be based on any solid facts - given that the law explicitly excuses organisations from the need to go public with that data?

Biting the hand that feeds IT © 1998–2020