Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Insecure Backup Exposes Sensitive Data on Arkansas Guardsmen

Origin Storage : 02 March, 2010  (Technical Article)
A missing backup drive containing the insecure data on National Guardsmen based in Arkansas highlights the requirement for archiving sensitive and vulnerable data in a secure fashion
Reports that staff data spanning more than five years at the Arkansas National Guard have gone missing on a back-up drive highlights the need for encrypted backups to be taken on live data - and also strengthen the argument that live data should also be encrypted, says Origin Storage.

'The archival drive reportedly contains the names, addresses and social security number details of at least 15,000 current and former members of staff as at March 2009, and spans back to the start of 2004,' said Andy Cordial, managing director of the storage system integration specialist.

'Whilst some experts claim that encrypting live data is overkill in some situations, the fact that was an archival disk, and almost certainly only accessed if the computer's primary drive went down, means that high levels of encryption should have been applied,' he added.

Cordial noted that this isn't the first time a US military database has gone missing as, back in the spring of 2006, similar details of more than 2.2 million US military personnel - including nearly 80 percent of the active-duty force - were stolen.

That data, including more than 430,000 National Guard members, was subsequently recovered after an in-depth investigation by the US military, indicating the potential value to fraudsters of the information that was stolen - 'and that is before we start taking about US national security,' he said.

According to the Origin Systems MD, the fact the US National Guard is recommending that all affected current and former members of staff contact a credit reference bureau indicates the potential fall-out from this hard dive loss, as the data lost is a identity thief's dream come true.

Social security numbers in the US, he explained, are much more powerful that national insurance IDs in the UK, as they are commonly used a means of identification online and over the phone, much as dates of birth are used in the UK.

The sheer size and history of the US, he said, means that there is a distinct possibility of several people of the same name having the same birthday but, because the social security number is unique to an individual, it is a much more useful identifier.

As a result, he added, most citizens use the number as their personal user credential when deadline with financial or government institutions.

'As a supplier we always recommend that archival data be protected by multiple layers of defence, such as encryption and password protection, as seen on our Datalocker range of secure backup systems,' he said.

'And since we are dealing with a lot of staff data here it's also advisable to encrypt the current database, only decrypting data on the fly as and when it is needed. There is simply no excuse not to use password plus encryption on such valuable data,' he added.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo