The AP has reported that a laptop and portable hard drives stolen from the US Office of Child Support Enforcement may contain millions of kids’ names and social security numbers. The agency oversees child-support programs across the nation. Congressional representatives are criticizing Health & Human Services, and demanding action, SC Magazine reports. Here to comments on this news are security experts from Lastline and InfoArmor.
Giovanni Vigna, Co-Founder & CTO, Lastline:
“This incident demonstrate the need for multiple layers of defense: first, physical security to tightly control access to data storage devices; second, access should be revocable — which happens very seldom because – for example – physical keys can be copied, lost, etc.; and third, sensitive data should always be encrypted when stored on disks and elsewhere at rest. This is something that is easily achievable with encrypted file systems, which are now widely available in any and every operating system.”
Andrew Komarov, Chief Intelligence Officer, InfoArmor:
“This once again underscores the serious risks and larger ‘rules gap’ issues relating to childrens’ safety and their protection – both on the Internet and in data handling practices. While this particular kind of data leak may not expose a specific security industry vulnerability, it demonstrates clear, overarching problems in handling of childrens’ sensitive information.”