[ISN] 32,000 farmers' data on stolen laptop

From: InfoSec News (alerts@private)
Date: Thu Jun 05 2008 - 22:29:09 PDT


http://www.winnipegfreepress.com/breakingnews/story/4182176p-4771903c.html

By Lindsay Wiebe
Winnipeg Free Press
June 4, 2008 

It took more than two months for a federal government agency to alert 
32,000 farmers, including 7,000 Manitobans, that their private 
information was in unknown hands after a laptop was stolen.

The news comes on the heels of an annual report released this week by 
Canada's privacy commissioner, which blasted the private sector for 
failing to protect personal information.

Although the theft happened March 30, Canadians weren't sent letters 
until last week informing them their social insurance numbers, bank 
account numbers and other data had been stored on a laptop stolen from 
the Canadian Canola Growers Association (CCGA).

No details about the theft have been released by the association or by 
Agriculture and Agri-Food Canada, the government department that used 
the private data for canola payment programs, and wrote the roughly 
32,000 letters.

"If they're devilish enough to steal a computer, maybe they're devilish 
enough to do something with the information," said Cindy Kellendonk, a 
Lac du Bonnet-area farmer who received a letter Tuesday stating that her 
private information was on the stolen laptop.

Kellendonk is furious it took two months to hear about the theft, and 
unhappy with the response she got from the agriculture department when 
she called with her concerns. "What frustrates me is that they've 
treated this like it's no skin off their back," she said.

Agriculture and Agri-Food Canada spokesman Sean Malone said the delay in 
contacting farmers was necessary while the department consulted with the 
privacy commissioner and the CCGA, and worked out logistics of sending 
the letters.

"The government takes any loss of personal information very seriously," 
said Malone, adding the agency felt the risk of the information being 
misused was "relatively low."

The laptop was password-protected and secured with biometric 
fingerprinting, said CCGA general manager Rick White, but the data was 
not encrypted. He said the organization is now encrypting computer data 
in light of the theft.

Pitblado LLP privacy lawyer Brian Bowman said the CCGA and agriculture 
department deserve credit for notifying people of the breach -- a move 
not required by Manitoba law.

However, he said those affected should take measures to protect 
themselves. Situations can worsen in cases where thieves find more data 
by dumpster diving, he said, pointing to a case in Winnipeg in recent 
years where a crime ring compiled thousands of credit card statements 
for identity theft.

Federal privacy commissioner spokeswoman Anne-Marie Hayden said her 
office is aware of the incident and has received "a number of inquiries" 
from individuals.

Earlier this week, privacy commissioner Jennifer Stoddart tabled her 
annual report on whether companies are complying with Canada's Personal 
Information Protection and Electronic Documents Act (PIPEDA).

She found many companies are failing to implement "elementary security 
measures," such as using encryption on laptops. As a result, these 
unprotected or stolen laptops, often containing customer information, 
remain a "huge issue" for the private sector.

Copyright 2008 Winnipeg Free Press. All Rights Reserved.


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu Jun 05 2008 - 22:36:56 PDT