Eric Anderson reports:
Pioneer Bank over the weekend alerted some of its customers that an employee’s laptop stolen Jan. 26 contained “secured personal information of certain customers, including names, social security numbers, street addresses, and account and debit card numbers.”
Letters were sent to those customers whose information “may have been on this laptop,” Pioneer said. Not all customers were affected, and Pioneer said it was “currently unaware of any misuse of any of the customer information relating to this incident.”
Read more on TimesUnion.
I wonder what they mean by “secured.”
Update: Larry Rulisun of the Times Union has more details on the theft in a follow-up report. As a commenter on this blog reports, the bank is telling customers who call that the data were “encrypted.”
It took them over a month to let us know!!! They sent the notice by postal service. When you call, they say the info was all encrypted so no “security breach” occurred. I asked why they were supplying a free year of identity protection then? “Just in case you want it” was the response.
They said it was encrypted? Thank you!
AS A PIONEER CUSTOMER I WOULD LIKE TO KNOW WHY IT TOOK THEM OVER A MONTH TO CONTACT US!!!
One month is actually quite a rapid response from any business. Most would try to cover this up.
I hope when they say “the data was encrypted” means that the ENTIRE laptop was encrypted. An encrypted laptop will not even boot up without the proper password.
So, if a computer boots up to a login prompt, all a thief has to do is to crack the user’s password. Once they have done that, the user usually has rights to modify and view files they were working on, so encryption at that point is pretty useless.
People don’t get it. If you want security, pay the price. One of the SIMPLEST things in the world is a thumb drive that has a long password on it. If the wrong password is entered 10 times in a row, it self destructs, and no one gets anything. As long as employees are not lazy – this works like a charm. Have a corporate policy that states that circumventing security policies and procedures can get you fired, and things usually stay pretty straight and narrow. The company needs to physically handle and audit corporate devices every once in a while. It allows the IT folks to either do a check up on the box for patches, so simply slick the device and reinstall a new clean load, potentially wiping out anything that might be bad.
They took a month to see if the crook who stole the laptop might try to sell it at a pawn shop, or if it would show up on Ebay or other markets. It takes TIME to do an investigation – these things don’t happen overnight. Crooks are smart. if they know the business they want to attack, they simply stalk an employee who occasionally handles laptops. They follow the employee from work to home and everywhere in between. if an opportunity presents itself, and the laptop remains in a vehicle for a few minutes unattended, all it takes is a busted in window and the laptop is gone. Again, people are lazy – Its a highly valued commodity – lock it up in your trunk if you have one.