Assignment 4:

For every mobile data and device technology category examined in Chapter 3 of the
textbook (Dual-use, Tapa storage, Smartphones, PDA's, etc.) find a news article on the
Internet describing an incident where the stored data was compromised (either intentionally
or unintentionally). Summarize each news article in one paragraph and combine all
paragraphs into one Word document for submission.

Portable Storage devices:
Example: USB Flash Drive, Portable Hard Drive
Article: http://www.seattlepi.com/local/article/Sea-Tac-airport-worker-
information-missing-1216146.php
Six computer disks containing the personal information of nearly 7,000 people
working at Seattle-Tacoma International Airport (Sea-Tac) have gone missing. The
disks contained information that had been scanned from paper I.D. forms --
applications for airport badges from employees of the port, the airlines, concessions
and other Sea-Tac employers -- and were from the Airport I.D. Badging office.
Airport director Mark Reis said he had no reason to believe the information had
been misused, but he also did not know if the disks were simply misplaced or stolen
outright. Reis said the information -- including name, date of birth, address, social
security and driver's license numbers -- could not be used to actually make an
airport worker badge.


Tape Devices:
Example: Servers Backup Tapes,
Article: http://www.upi.com/Business_News/2007/02/15/Data-on-196000-
insurance-customers-stolen/UPI-34661171554687/
WellPoint Inc., the largest U.S. health insurer had backup tapes stolen from a third
party location. Nearly 200,000 Anthem Blue Cross and Blue Shield members in four
U.S. states had their personal information stolen, the insurer's parent company says.
The back-up tapes were stolen from a Massachusetts office of Concentra Preferred
Systems, a company that audits and analyzes WellPoint's claims information.


Dual-Use devices:
Example: Mp3 player, iPod, eReaders (Kindle)
Article:
http://www.alertboot.com/blog/blogs/endpoint_security/archive/2009/01/28/us
b-data-encryption-a-timely-example-of-an-information-security-breach.aspx
An MP3 player, sold from a pawnshop in Oklahoma City and bought by a guy residing in New
Zealand, contained the information of 60 US soldiers. According to several sources, the
information contained in the mp3 player included names, SSNs, equipment deployed to various
war theaters, pregnancy status of female soldiers, and a notice that releasing the contents was
prohibited by federal law. It is imperative that any organization that is seriously considering data
protection measures also gives thought to such matters. For example, an employee hooks up his
iPhone to a company computer to charge it. Conveniently enough, this also allows him to
transfer work files into his iPod, something that may be banned per company policy (but as
shown with the mp3 player, routinely ignored).

Smartphone/PDA:
Example: iPhone, iPad, Android Phone, Blackberry
Article: http://www.huffingtonpost.com/2010/06/09/ipad-security-breach-
expo_n_606700.html
Goatse Security , a web security/"hacking " group, discovered a major security hole
that may have compromised the personal information of some 114,000 iPad
users, Gawker reports. The exposed information was believed to have included
users' email addresses and ICC-IDs, a unique ID stored on a SIM card that is used to
identify a mobile subscriber and enable them to connect to a mobile network (in this
case, AT&T). An AT&T spokesperson who contacted the Huffington Post said that
the only personal information exposed were email addresses.


Optical Media:
Example: CD(-R),DVD-R(W),BD-R
Article: http://www.consumeraffairs.com/news04/2006/02/mcafee.html
Software security company McAfee touts itself as "[leading] the world in
discovering, documenting, and addressing breaking threats and vulnerabilities." But
now the company may be looking into increased security protection for itself,
thanks to the loss of data on several thousand of its employees.
An auditor from financial services consultancy Deloitte & Touche lost a compact disc
(CD) containing personal information on over 3,000 current McAfee employees in
the U.S. and Canada, and 6,000 former employees. The unencrypted data included
names, addresses, Social Security numbers, and employees' stock holdings in
McAfee.


PCs:
Example: Laptop, Desktop, Server
Article:
http://www.computerworld.com/s/article/88443/BankRI_customer_information_s
tolen_along_with_laptop?taxonomyId=017
Bank Rhode Island's CEO said today that her IT department plans to install
encryption and fraud-detection software on computers after a laptop containing
the names, addresses and Social Security numbers of about 43,000 customers
was stolen from its principal data-processing provider, Fiserv Inc.
The theft of the laptop from Fiserv also prompted BankRI to install fraud-
detection software on computers at its Providence, R.I., headquarters and branch
offices.


Email:
Example: On Premise email, Cloud based Email
Article: http://jacksonville.com/tu-online/stories/052107/met_171666534.shtml
A judge today ordered a former computer consultant for Blue Cross and Blue Shield
of Florida to reimburse the Jacksonville-based health insurer $580,000 for expenses
related to his theft of 27,000 employee names and Social Security numbers.
According to court documents, Clifton accessed the information to check his pay
against other Blue Cross computer consultants. Blue Cross spent $560,000 on a
credit monitoring service and another almost $20,000 locating and notifying the
27,000 current and former employees, vendors and contractors whose information
was stolen.

Instant Messenger/Text:
Example: AIM, Pidgen, MSN, GoogleTalk
Article: <Unable to find an example of a breach through this technology>