Dave Lewis’s head is exploding. Understandably. Not only did Watermark Retirement Communities, Inc. fail to adequately secure customers’ personal information – including their date of birth and Social Security numbers- but they pulled out the old chestnuts of “the laptop was password protected” and “the thieves just likely wanted the hardware” pseudo-reassurances. Davis writes:
From the notification:
Since June 13, 2014, we have undertaken an investigation to determine what was stolen, as well as the likelihood that any harm would result. We have been advised by authorities knowledgeable in this area that the thief was likely interested only in stealing the hardware and will be unable and/or uninterested in accessing the information on the hard-drive.
Um, what?
Beyond relying on Occam’s razor, I’m curious as to how they could say that with a straight face. But wait, there is more. The information on the stolen laptop contained customer personal information including, name, address, telephone number, email address, date of birth and social security numbers. But, never fear, “The laptop was password protected.”
At this point my head exploded.
This is doing a disservice to their customers by giving them a false sense of security. This sort of reaction comes up more often than I care to mention. A password is of little benefit if a bad actor has physical access to the system. Encrypt your laptops.
Amen, Dave. Amen.