Last week a laptop was reported missing from the Camp Pendleton Marine Corps base.
"It’s happened again. A laptop computer loaded with personal information has turned up missing. This time, the laptop contained information on 2400 residents of the Camp Pendleton Marine Corps base. The computer was reported missing last week by a company that helps manage base housing. Both the company and the Camp are investigation the loss of the laptop. A statement from Camp Pendleton says as of Friday, investigators had found no evidence that the data on the laptop has been accessed. So far, authorities aren’t saying what kind of information was on the computer. Camp Pendleton is located north of San Diego, and is a major Marine Corps’ training facility on the West Coast."
I tried to find more information about this case than what was within this report, but without luck.
What is most noticeable about this incident report is the lack of details.
- Was the personal data encrypted? Probably not, or it is likely the incident would not have been reported.
- Were the inviduals whose personally identifiable information (PII) was on the laptop notified?
- It is vague to say it is "missing," was it really stolen?
Also, it is becoming frustratingly common to see the statement, "investigators had found no evidence that the data on the laptop has been accessed." Of course there is no evidence…they don’t even know where the laptop is!
And it is highly likely that nothing bad, unscrupulous or criminal would be done with the PII right away. "Evidence" of misuse of PII may not be discovered for many weeks or months.
Technorati Tags
information security
IT compliance
policies and procedures
privacy incident
awareness and training
stolen laptop
privacy