“Lost” laptop with info on 540,000 New Yorkers Found

MSNBC reported that the laptop I blogged about earlier this week that contained sensitive personally identifiable information (PII) on 540,000 New Yorkers was found by the FBI and CS Star.   

"The FBI and the private company that had been in possession of the state-owned personal computer would not say how or where it was found, only that it was in "a secure location.""

The computer had been missing since May 9.  The story did not say specifically when it was found, but implies it was found just this week.  So, it was missing for around 2 1/2 months. 

"Mike Kachel, a spokesman for CS Stars’ New York City office, said the FBI located the computer, missing since May 9, and that it appeared no one had used any of the information it contained."

These statements are always interesting to me…I’m told by my digital forensic expert buddies that you cannot tell for certain if data has or has not been copied.

Since the FBI was part of the team that found the laptop it seems it was probably found outside of CS Stars’ facilities…but then again, that is supposition.   

"The company had earlier offered the affected workers identity theft insurance, 12 months to get free credit reports and access to fraud resolution specialists. That offer still stands, Kachel said."

This is good.  When an organization, or the government, offers credit monitoring they should stand behind that offer, even when the computer is found.  Because there is no way to tell if the data has been copied, it is foolhardy to believe that just because the computer is found there are not copies of all the data floating around and perhaps being auctioned off to any fraudster who wants to pay for social security numbers, names and addresses.  This computer was "lost" for 2 1/2 months…it could have passed through many hands during that time.

"Identity theft is considered one of the country’s fastest growing white-collar crimes. One recent survey reported that there have been more than 28 million new identity theft victims since 2003, but experts say many incidents go undetected or unreported."

Indeed, instances of identity theft occur every day.  In fact yesterday CNN reported that U.S. Senator Harry Reid was recently a victim of identity fraud

"Senate Minority Leader Harry Reid discovered this week he was the victim of identity theft after someone used his MasterCard number to charge about $2,000 at a Wal-Mart and other stores in Monroe, North Carolina. The Nevada Democrat said he found out someone had obtained the number after opening his bill Tuesday night."

The report said he did not know how anyone else got his credit card number.  Gee, wonder if his credit card number was on one of the many laptops and hard drives that have been lost and stolen?  Perhaps even on one that was recovered and determined to have not been compromised?  We’ll likely never know for sure…hmm…

Technorati Tags

Leave a Reply