BreachExchange mailing list archives
Gov't data stolen from car
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Sat, 23 Feb 2013 15:52:43 -0500
http://www.thestarphoenix.com/news/data+stolen+from/8006032/story.html The federal agency charged with preventing the flow of money to organized crime and terrorists had an encrypted laptop, hard copy reports and an unencrypted USB memory stick stolen in October, exposing the personal information of patrons to two Alberta casinos, including how much money they gambled. The theft of information from the Financial Transactions and Reports Analysis Centre of Canada is a first for the agency, which has detailed privacy regulations built into the legislation guiding its operations. The encrypted laptop and reports were inside a locked briefcase that was stolen out of the locked trunk of a rental car in broad daylight while a FINTRAC employee had left the vehicle in a Calgary parking lot while apparently going for lunch. Thefts from parked vehicles is not an unusual occurrence in Calgary, but a briefing note for Finance Minister Jim Flaherty says it isn't clear whether the theft was targeted. Inside the locked briefcase was information on how two casinos and a "dealer in precious metals and stones" report transactions to FINTRAC and how they keep client information, in accordance with federal laws combating money laundering and terrorist financing. There was no credit card or bank account information stolen, but other personal data on Canadians were on the pages of the reports that went missing. "This theft included personal information, such as name addresses, date of birth and occupation, as well as the reference numbers of government issued identification documents used to ascertain the identity of patrons," the ministerial note reads. "It also includes data such as the amounts patrons may have spent or received while at the casinos." A spokesman for FINTRAC said Friday that the laptop contained information on about 480 people, with about 290 more on the USB key or in the reports. Spokesman Darren Gibb said all 777 individuals affected by the breach were notified through registered letters sent in early November. Gibb said the agency believes no one besides authorized staff would be able to get into the encrypted laptop. The agency conducted an internal investigation and found "a security procedure in the use of USB keys was not followed," Gibb said. As for the employee involved in the incident, Gibb said: "Appropriate measures have been taken." Gibb said the agency has changed the way it transports information and has put in place new technologies to reduce the risk of breaches, although he couldn't go into detail citing security reasons. Staffs were also reminded in two memorandums about the department and government policies about handling and securing information. © Copyright (c) The StarPhoenix _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Gov't data stolen from car Erica Absetz (Feb 25)