"Clear" Laptop Found, In the Same Locked Office
jafo alerts us to an SFGate story reporting that the lost "Clear" Program laptop has turned up in the same office from which it was reported missing, but not in its previous location. "A preliminary investigation shows that the information was not compromised... The computer held names, addresses and birthdates for people applying to the program, as well as driver's license, passport and green card information. But, she said, the computer contained no Social Security numbers, credit card numbers, fingerprints, facial images or other biometric information... The information was encrypted on the server, but not on the laptop, although it should have been... However, it was protected by two levels of passwords." Reader jafo adds, "Pardon me if I have little confidence that an organization that loses a sensitive laptop for 9 days is able to tell if it was compromised."
Even though this laptop was not actually stolen, that does not excuse the gross lapse of judgement by the people responsible. Two levels of passwords is fine, but unencrypted data still leaves potential victims vulnerable. This still raises the question of why sensitive data was on something as portable as a laptop. Oh, and never mind the fact that they managed to lose it in their own office; that completely kills any confidence I had in them.
The truth is, they have no idea if it was compromised or not. All you'd need is an Ubuntu boot CD and you could read the data straight off the drive.
Next time they should use THREE levels of passwords. ;)
The laptop had either been stolen and sold with the information wiped, stolen and the information sold, lost, destroyed, or left in an office.
Whichever it was, the only information they had was that it was unaccounted for. It was actually a good response to automatically assume the worst-case scenario and deal with the situation as if that had happened. If the worst-case scenario was the case, then at least it was dealt with as best it could be. If not, then the only harm done is to them and not their customers.
So while losing it was very inept, their response afterwards was actually fairly responsible of them.