You'd probably think that Ernst and Young's "misplacement" of the credit card data for 243,000 Hotel.com patrons was a security issue, but you'd be wrong. Someone uninformed about these things might mistakenly believe that when Veteran's Affairs lost information on 26.5 million people that there was a problem. But not so! You see, really this missing data is almost a non-issue. You see, these laptops not your oridinary "run of the mill" laptops - instead, they were protected by a veritable "iron wall" of protection: namely, a password in the case of E&Y and a proprietary data format in the case of VA.
You see, according to a memo by a VA representative, all that data containing medical information, personally identifiable data, etc. is in no jeopardy because the format of the file is proprietary - and, of course, therefore safe. You see, without "specialized tools" the data is in no danger. Without specialized text processing applications like "grep" and "wordpad," the data remains safely locked away from these shady perpetrators; the expensive nature of these tools, and the highly specialized skills required to operate them, are likely to be out of reach for most attackers.
According to the E&Y representative, E&Y's extensive "data lockdown procedures" require that a user enter a password before access to sensitive data is allowed; as with VA, given that advanced disk-analysis tools like "dd" are so expensive and the experts familiar with hard-disk removal technques are so hard to find, the data remains out of nefarious hands and out of the way of prying eyes. Behold the impregnable fortress of safety!
So thanks to both VA and E&Y for explaining to us all the mitigating factors surrounding this data loss. I was concerned about it before I found out the truth of the matter.
Posted by Ed at June 2, 2006 11:03 AM | TrackBack