Sophos Cloud Optix
The sheriff’s office in King’s County, Seattle, was in the process of adding encryption software this past spring and as of March had done so on 60% of all computers.
Wouldn’t you know it? The laptop that got stolen from a detective’s truck, unfortunately, was in the 40%.
According to Komo News, the laptop and a personal hard drive, both of which were full of case files, were stolen from the backseat of an undercover detective’s pickup truck in March in the US state of Washington.
Komo News reports that the case files contained personal information about thousands of crime victims, suspects, witnesses and even police officers, including sensitive data such as social security and drivers license numbers.
Last week, the office sent out 2,300 letters to all those who might now be vulnerable to identity theft.
Detective Sergeant Katie Larson said that the months’ long delay in notifying those affected was due to the fact that the office needed time to figure out whom to notify:
"It's not something you can just press a button and it all pops up for you... Somebody had to go through and read everything and cull out all of that information."
(Actually, I’m pretty sure there are things called “data backups” that enable you to press a button and have things pop back up for you.)
The sheriff’s office said this wasn’t the first time they’ve lost data, but this was the worst data loss yet.
It begs the question, yet again, of why anyone would ever leave an unencrypted laptop containing highly sensitive information sitting around in a car.
Sheriff’s office officials said that the detective hadn’t followed policy and could now face discipline.
If it’s any consolation, King County sheriff’s office, you’re in stellar company, joined by the likes of NASA itself.
But somehow, I don’t think that will console those who got a data breach notification letter and now have to deal with the potential of identity theft…
Image of sheriff’s badge by unknown artist, labelled for commercial reuse under Creative Commons.
It also appears they weren't doing backups either! So the data on the laptop was not only unencrypted, but was apparently the ONLY copy of it? That was incredibly irresponsible of them.
"…stellar company…NASA". Good one.
"But somehow, I don't think that will console those who got a data breach notification letter and now have to deal with the potential of identity theft…"
Right…no consolation whatsoever. Identity theft happened to me 20 years ago, and it took 8 years to clean up the mess. And that was before the Interwebz network of interconnected knavery really coagulated into the wretched hive of scum and villainy that it has become since then. If your identity is compromised today, you're in for a siege that will have you doing ID janitor duty as a part-time career for years to come.
In this case, where "crime victims, suspects (who haven't been proven guilty), witnesses, and even police officers" are now dealing with that potential. In a better world, the sheriff's office would remediate it, or at least compensate those who actually do become ID theft victims. Alas, we have a long way to go before what we call "government" provides anything like real protection of people's rights and other property.
Since it was a sheriff's office that had the stolen laptop, the people who had their information on the laptop may also be looking at extortion attempts against them.
"(Actually, I'm pretty sure there are things called "data backups" that enable you to press a button and have things pop back up for you.)"
You're missing the point. The laptop didn't contain a database of personal information that could easily be used to generate a list of those people affected. It contained case files and notes, meaning that such personal information was scattered throughout, sometimes no doubt simply in unformatted text. Therefore, someone had to read through it all and transcribe any such information into a list.
"It begs the question, yet again, of why anyone would ever leave an unencrypted laptop containing highly sensitive information sitting around in a car."
Because so many in law enforcement believe that they are the unquestioned kings of their domain. And they would never contemplate that someone would do such a thing to them. You know, treat them as a regular person and not a cop.
"Sheriff's office officials said that the detective hadn't followed policy and could now face discipline."
Maybe, but only because of the public embarrassment this has caused.
That’s really too bad that they had the laptop stolen.