National Public Radio (NPR) reports that British Petroleum’s (BP) problems in the U.S. now include a data spill as well as the oil spill. BP is paying compensation amounting to $4,000,000,000 to victims of its disaster in the Gulf of Mexico last summer. Now BP has lost the personally identifiable information (PII) of approx. 13,000 of its victims who are seeking compensation for oil spill damages. NPR reports that names, addresses, phone numbers, and Social Security numbers were lost, exposing these people to identity theft.
BP spokesman Curtis Thomas told NPR that the oil giant mailed letters to roughly 13,000 people whose data was stored on the missing computer, notifying them about the potential data security breach and offering to pay for their credit to be monitored. The company also reported the missing laptop to law enforcement, he said. The laptop was password-protected, but the information was not encrypted, Mr. Thomas said.
The employee lost the laptop on March 1 during “routine business travel,” said BP’s Thomas, who declined to elaborate on the circumstances. “If it was stolen, we think it was a crime of opportunity, but it was initially lost,” Thomas said. Asked why nearly a month elapsed before BP notified residents about the missing laptop, Mr. Thomas said, “We were doing our due diligence and investigating.”
Matt O’Brien, the part-owner of Tiger Pass Seafood, a shrimp dock in Venice, La., who said he had filed a claim with BP, told an AP reporter this was the first he had heard about the possible compromise of his personal information by BP. “That’s like it’s par for the course for them,” Mr. O’Brien said of BP. “They can’t seem to do nothing right.”
Once again, 13,000 lives are disrupted because a single unencrypted laptop was lost or stolen “during routine business travel.” Sophos’ Naked Security blog pointed out in 2008 that laptops are easy to lose. The security vendor cited a survey that found that 12,000 laptops are lost every week at U.S. airports alone.
In that 2008 survey, almost three years ago now, 53% of people said that their laptops contained confidential business information, with two-thirds having taken no measures to secure their data. Clearly, some companies still aren’t taking proper measures.
rb-
As BP has again demonstrated, we all need to lift our game. As Sophos says, even if your organization is willing to take risks with its own data, it has a clear moral duty not to take risks with the data it keeps about other people.
During these economic times, many organizations are saving a few pennies by doing as little as possible about encryption-related security. Why not consider the value of encryption to your business, instead of considering only the cost?
What do you think?
Oil spills, Data spills, Outrageous gas prices – Is BP out to get the U.S.?
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005.