Slashdot Mirror

← Back to Stories (view on slashdot.org)

Missing Hard Drive Spurs Data-Theft Fears In Canada

Posted by timothy on from the get-your-new-ehdentity dept.

DevNull writes "A government of Saskatchewan (Canada) hard drive has gone missing, and it contains significant personal data - in fact, the government won't even detail what all is contained in it. Read about it from the CBC. So much for people who think the internet is the cause of all their security fears! Identity theft is the major concern at the moment." B5_geek links to this report on Bloomberg.com which says that "'[t]he information includes names, addresses, beneficiaries, social insurance numbers, pension values, pre-authorized checking information and mothers' maiden names," according to Co-operators Chief Executive Kathy Bardswick

11 of 29 comments (clear)

  1. It was encrypted, wasn't it? by Anonymous Coward · · Score: 2, Funny

    REGINA - Thousands of Canadians across the country are being cautioned that a computer hard drive missing for two weeks from a Regina office contains their personal data. Saskatchewan government officials fear the data could be misused.

    And people give de Raadt a hard time for encrypting the swap file...

  2. Ugh by Blkdeath · · Score: 2, Interesting
    I'm glad I don't have a policy with these people. It sucks when you go to certain lengths of care with whom you share your personal data and it gets stolen anyways.

    Security, security, security, people. It's my (and your) information we're dealing with here. I'd sooner it not be put in the hands of the lowest bidder, Thankyouverymuch.

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

    1. Re:Ugh by Smokey · · Score: 3, Insightful

      Security, security, security, people

      And let's not forget PHYSICAL security, somebody had to go in, remove the hard drive from the computer (I assume it was in active use..) and walk out with it.

  3. A global ID by noitalever · · Score: 2, Interesting

    I've seen countless things in the news lately, and am really getting the feeling that at some point we are going to *have* to have a global, secure ID. A lot like the SSN's of today for america, but with two parts, one part that is on the internet, and one part on a random number generator of some sort that we keep on our person. That way, the internet information is useless.

    Like it or not, at some point it seems like EVERONE's data gets stolen. I'm uber-paranoid about giving my info to anyone, but I KNOW that there is info floating around the internet about me that someone could use to steal my identity. Is anyone working on a two part identity sytem like this that isn't proprietary?

    Shawn

  4. If found, send to... by misfit13b · · Score: 4, Funny
    ...oh, forget it, you already have the address.

    ;^)

  5. Physical security is important too... by Syncdata · · Score: 2, Interesting

    Just ask the CIA/FBI/Lawrence livermore cats who couldn't seem to hang onto a laptop from 1996-2000. It's all fine and good if your system is cracker proof, but do try to keep an eye on it.
    Software security means squat diddly if someone can just pop the HDD in as a slave.

    --
    "Inattention makes clowns of us all" -Bean
  6. The Co-Operators by Hadean · · Score: 4, Informative

    The drive contained a list of members, the information above and credit card numbers of members of the Co-Operators Life insurance company.

    Check out this article (Regina Leader Post).

    (OT: Have you noticed that there are more and more threads on Slashdot that has less then 10 comments? Hmmm...)

  7. This company is an IBM subsidiary by dl248 · · Score: 3, Insightful

    This is a case where the work has been farmed out to ISM, which is a subsidiary of IBM. It's not the government's fault, but ISM/IBM who are to blame here.

    The amount and detail of data makes this a SCARY situation.

  8. so? by 3-State+Bit · · Score: 4, Funny

    It was encrypted, right?

    I mean, these days any schmo with an iBook goes /Applications/Utilities/Disk Copy, clicks File | New | Blank Image and chooses a name for the file, the desktop for its location, and AES 128 for encryption (recommended).

    Then just unmount the drive image (drag it in the finder from your desktop to the trash -- which will turn into an eject button) before you leave your computer for the day, or whenever somebody's using it who shouldn't have access to the contents of that drive -- even if they're using your account, cuz' you're letting them sit at your computer.

    Double-clicking the drive image prompts for a password (don't check 'save to keyring') before mounting it and once more you're good to go.

    You don't even ever have to turn your computer off.

    Um, yeah. (Eyes dart around the room looking for a way not to receive a bunch of off-topic downmods. Um....)

    Wait! Got it!

    "You know, this wouldn't happen if hard-drives were encrypted by default, and the OS needed a password from the HARDWARE (or a hash) such that on bootup if your configuration is different radically from what it was before, your valuable information becomes unreachable.

    Oh wait, XP does this already.."

  9. the real threat by sirsampson · · Score: 2, Funny

    We all know that the real threat is those 31337 skr1p7 k1ddiez and no other threat

    At least that is what *they* keep telling us. You do believe them, right?

    heh heh

  10. More Info: by Nos. · · Score: 3, Informative
    SASK CBC. I work about 100 Yards from ISM's building (the folks responsible for the lost drive).

    Some interesting things have been reported in the media around here. Some have said the data was encrypted, and that it was unlikely that anyone could get the data. If it was encrypted with anything recent, it would be near impossible to get the information off of it. If I were talking to the media and new it was encrypted

    It was also mentioned that information was in a database, and the tables couldn't be linked very easily... but who really knows.