Slashdot Mirror


BP Loses Laptop With Oil-Spill Claimants' Personal Info

Oxford_Comma_Lover writes "CNN reports that BP lost a laptop with the names, addresses, DOBs, and SSNs of everyone who filed claims related to the big oil spill last year. In other words, everyone asking for money from them based on the spill just got their private info misplaced. There has been no allegation of bad faith."

3 of 137 comments

  1. Re:SSN? by nedlohs · Score: 3, Informative

    For a lost income claim, the money is taxable (just as the income it is supposed to be replacing would be).

    Other types aren't, but that doesn't mean they don't report them to the IRS anyway.

  2. Re:oh, by fuzzyfuzzyfungus · Score: 3, Informative

    You sound like you were raised by Steve Ballmer and rocked to sleep each night by a loving marketing brochure. Lay it on a bit thicker, will you?

    That said, disk encryption (almost certainly full disk, because you Do Not Want to have to puzzle out all the possible locations that a modern OS and suite of common programs may stash temporary files, caches, etc.) is more or less a must for sensitive information that leaves the site. It reduces the hazards of sloppy disposal even for desktops that are only supposed to leave the building at EOL.

    You can get disks that do it in hardware, and there are a variety of software options, but it is pretty much the bare minimum of responsible handling of sensitive data. Even better, of course, is never actually having the data on the device in the first place. With the comparatively low cost of broad internet coverage today, forcing people working on really sensitive stuff to do so only in a terminal session that actually lives on a nice cozy server back in your locked cage, with only pictures and input device events going back and forth over the (SSL-secured) wire, is fairly practical and means that even a badly rooted client is limited to some screengrabs and a stolen client gets nothing but a stock OS with one of the terminal clients installed.

  3. Re:Huh? by vlm · Score: 3, Informative

    The point here is that if you go off all crazy on security policies that are impossible to follow, someone will find a work-around that defeats the purpose.

    The worst part of your story is the actual failure mode is failure to understand the difference between encryption and authentication.

    You're "supposed" to share encryption keys to transfer data, and you've got a huge known plaintext problem with encryption. So you have to change keys / passwords every week or whatever.

    In comparison, the only person that knows your authentication password is one human. The computer, if done correctly, only knows a salted hash. Changing passwords is cargo cult science; it's pointless. It's applying a solution from one problem to a completely unrelated problem. And it makes it worse by making password changing and resetting common and trivialized (in addition to making human management of passwords so difficult that they subvert the system as per your report). Finally, it feeds illogic and stupidity, in that good security can be a PITA, therefore anything that is a PITA must be good security, right, and the more of a PITA it is the better the security must be?

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger