I read a lot of articles about incidents; it is hard to keep up with them all! However, one I ran across on the WUSA 9News Now site in Washington D.C. grabbed my attention.
It appears that U.S. Marshals emptied the offices of a business being evicted for nonpayment of rent of all the contents earlier this week because they were behind in their rent. They took the
business’ computers, boxes of personal information including Social Security numbers and tax records of the business clients, and just left them out on the street during the evening earlier this week. By morning it was all reportedly gone.
Duh!
The U.S. Marshals obviously
1) Do not have good procedures for removing the contents of buildings and facilities during evictions
2) Do not have any information security or training awareness about how to handle sensitive information
3) Did not perform common sense actions for the handling of computers and personally identifiable information (PII)
Evicting tenants for nonpayment of rent is one thing, but to then put the PII of thousands of people at risk by leaving it out on the street for anyone to take is completely inexcusable.
It is scary to think how many times similar types of situations may have occurred.
Tags: awareness and training, computer crime, Information Security, IT compliance, policies and procedures, regulatory compliance, risk management