theft of blood bank records

Would you like your sensitive personal and medical information to be lost somewhere in New York? It would worry me.
 
Yes I also wonder what significance it has? My details would be in there somewhere. I would prefer if they weren't lost of course but what could happen if they were decrypted? Serious question? What can they do with my blood type, name & address?
 
..which means it's a non-story. Company-owned laptops get lost every day of the week. Once the data is encrypted, there is neither fuss nor problems. Get over it.

:confused: I don't have a problem with this at all - I was merely stating a fact! Even if the info. wasn't encrypted I couldn't care less and my name could well be on that list.
 
According to the BTSB the data is securely encrypted.

I am surprised at the level of coverage of this story - it was one of the top items on the RTE news last night - but if the data is securely encrypted as reported there is no story here at all.
 
More shocking is the fact that they're going to send out 170,000 letters to people - costing what 55c each, which according to my Excel spreadsheet (can anyone still multiply in their heads or is it just me??), is E93k - what a waste of money...surely we all know about it now - I'm a blood donor.
 
:confused: I don't have a problem with this at all - I was merely stating a fact! Even if the info. wasn't encrypted I couldn't care less and my name could well be on that list.

:confused: myself, I was agreeing with you and merely reinforcing your own point.
 
What was the info doing in New York? Even if a BTSB employee was visiting NY on BTSB business, why would s/he need to bring personal details of 170k people?
 
It wasn't a BTSB employee, the disc was sent for some sort of updating to a company in New York and it was their employee whose laptop was stolen.
This is a total non-story, how RTE could justify it as their main headline last night was a joke unless it's an excuse to send Charlie Bird to New York! Does anyone think the junkie who stole this laptop is likely to be able to un-encrypt the disc or even cares? I'm also annoyed about the waste of money in sending out letters to every donor.
 
Yes I agree, as far as I'm concerned if it was on an encrypted laptop then it's a non story. Whoever stole the laptop probably wasn't targeting the data in any case. The hard drive has probably either been reformatted or dumped at this stage.
Apparently the data was being used as some software used by the blood people in NY is being modified for use in IRL.
 
Heard the issue covered on Newstalk (Late Night Live) last night and some pertinent questions were asked such as why did they need live data to do/test a system upgrade. Somebody else mentioned that although the data was encrypted if this was via a Windows encrypted folder/filesystem (or possibly other means) then it could be that ultimately a simple password could be protecting access. Having said that I don't think that people should or need to panic about this. There is a possibility that my own data was included but the whole story won't keep me awake at night.
 
According to siliconrepublic.com - "The donor records include details of names, addresses, dates of birth, gender, blood group and contact phone numbers."

Yes, this information has probably already been wiped and the laptop sold and the OS re-installed.

But, what if the laptop was targeted for a reason? This is a lot of information to lose and it could be useful to someone. Maybe all 175.000 names, numbers and addresses end up on some mass mailing list and you start getting calls trying to sell you life assurance, exercise equipment, etc...

I think the BTSB have a little explaining to do. It makes for poor project management to send live data out to a 3rd party for testing and development. I'm sure they signed a non-disclosure agreement covering the data, but that's no good since they no longer are the only people with that data.

Maybe (although it was not on this laptop) they also sent data covering details of blood-related medical conditions. If you were on this list, would you like to get calls or contacts from companies trying to sell you specific medication because they 'came across' your records?

It is reported that the data was encrypted so there is nothing to worry about. What do we know of the protection provided in this specific case by the encryption? Was it something requiring a private key which was not stored on the laptop? Was it a password protected zip file which is trivial to unlock? Was it some form of enterprise based encryption which requires access to the company's infrastructure? There are many methods of encryption and they are very much not all equal. Just because we are told they were encrypted does not mean they are secure.

 
which means it's a non-story.

As has been stated above, there is insufficient information on what level of encryption was applied to make a decision on whether the data is truly secure. The fact that BTSB have mentioned the 'remote' possibility says to me that there is concern on their part.

while the records on the stolen laptop were encrypted, there may be a remote chance that the data might be accessed by a third party.

I'm not sure I believe that it was encrypted, or that the keys, passwords etc. for decrypting it weren't stored on the laptop. Their definition of remote may be 20% plus.

What possible use are these records to anyone? Just curious.

Do we know what information was stored? What if it contains blood sample analysis results? If you had a disease e.g. AIDS, would you like to be possibly blackmailed about it?
 
Small point here - references above to the BTSB are anachronistic and the organization has been called the IBTS since 2000.
 
There are many methods of encryption and they are very much not all equal.
On Newstalk somebody from the IBTS just said "256 bit encryption" but didn't go into details of cipher suites/algorithms etc.
 
Was the data not scrubbed of any identifying information (Surname, dob, phone number, address) BEFORE handing it to an American company?

I work with US info every day and if it's real data, then it MUST be scrubbed of such details. Data Protection and all that.
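
Added example, not part of any post in this thread: one way to scrub donor-style records before an extract leaves the organisation for vendor testing. The field names, the sample record and the secret are constructed assumptions based on the record contents quoted above.

```python
import hashlib
import hmac

# Field names are assumptions, modelled on the record contents quoted in the thread.
DIRECT_IDENTIFIERS = {"name", "address", "phone"}   # replaced by keyed tokens
PASS_THROUGH = {"gender", "blood_group"}            # needed for realistic testing


def pseudonym(secret: bytes, field: str, value: str) -> str:
    """Stable keyed token: same input gives same token, irreversible without the secret."""
    msg = f"{field}:{value.strip().lower()}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def scrub_record(record: dict, secret: bytes) -> dict:
    """Allow-list scrub: any field not explicitly handled is dropped."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            out[key] = pseudonym(secret, key, value)
        elif key == "date_of_birth":
            out["birth_year"] = value[:4]  # generalise ISO date to year only
        elif key in PASS_THROUGH:
            out[key] = value
    return out


def leaked_values(original: dict, scrubbed: dict) -> list:
    """Return names of identifying fields whose original value still appears in the output."""
    sensitive = DIRECT_IDENTIFIERS | {"date_of_birth"}
    blob = " ".join(str(v) for v in scrubbed.values())
    return [k for k in sensitive if k in original and str(original[k]) in blob]


# Constructed sample record, not real data.
SAMPLE = {
    "name": "Mary Example",
    "address": "1 Sample Street, Dublin",
    "date_of_birth": "1970-03-14",
    "gender": "F",
    "blood_group": "O+",
    "phone": "01 555 0100",
    "notes": "free text that might contain anything",
}

if __name__ == "__main__":
    # The secret stays with the data owner; it is never shipped with the extract.
    key = b"constructed-demo-secret"
    print(scrub_record(SAMPLE, key))
```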
 