Your life secrets, left in a taxi

Bob Sullivan Technology correspondent • Profile • E-mail

It was just a tiny thumb drive, but now, it's a pretty big problem for a Hawaii hospital. And what happened there could eventually become a problem for you, too. 

Last month, Wilcox Memorial Hospital in Kauai had to inform 120,000 past and present patients that their private information had been misplaced.  Their names, addresses, Social Security numbers, even medical record numbers had been placed on one of those tiny USB flash drives — and now, according to the letter, the drive was missing.

The device was misplaced in early October, and hasn't been seen since, said hospital spokeswoman Lani Yukimura. While medical information was not on the device,  it would be a treasure trove for an ID thief who found it. Once plugged into any computer’s USB port, a finder would have access to about as many identities as ChoicePoint Inc. leaked to criminals last year. So why has the Wilcox incident gotten so little attention?

The Hawaii hospital’s lost thumb drive passed by largely unnoticed. Perhaps it was because Hawaii flies a bit under the radar of the mainland. Or it may just be that people are tired of this kind of news. After all, according to a survey conducted by the Ponemon Institute recently, about 1 in 9 adults received a letter in the mail this past year saying their data had been lost or stolen. So what's another 120,000?

But the Hawaii story is a bit different from other data leaks you've heard about. It signals the next big headache looming for both consumers and the people who try to keep our data safe -- something called "endpoints" in the security industry.  Laptops, Palm pilots, PocketPC phones, and yes, those marvelous little thumb drives.

It's fine to spend millions of dollars protecting a network from hackers — but what about all that data that goes walking out the door every night? What about those laptops left in taxis, or the whiz-bang cell phones left on airplanes? Those thoughts keep security professionals awake at night, and maybe you, too.

My Blackberry, my self
"This is a really big issue," said Avivah Litan, security analyst at Gartner. "It's really just an unwieldy situation right now."

And unlike many potential security vulnerabilities that are discussed in geek circles, this one is not theoretical. Think about those wonderful Blackberry devices, for example. What if you lost yours? 

Two years ago, a wayward Blackberry that belonged to a former Morgan Stanley executive ended up on eBay. How do we know it was from a Morgan Stanley executive?  Because the buyer found 200 company e-mails and 1,000 contacts still on it. 

Credant Technologies is one of a small army of companies that have begun focusing on this issue. The firm surveyed corporate America to see how extensive the problem of lost devices is. While the company obviously has a vested interest in this issue, its findings ring true.

Bob Heard, CEO of Credant, said that on average, a company with 1,000 employees loses one laptop each week.

Credant's survey of those who had lost laptops indicated that 82 percent were never recovered. It's not clear how many of those machines had customers’ personal information on them, but 90 percent had "critical data," according to the survey.

Heard, a former identity theft victim himself , thinks the problem is out of hand.

"The problem has been expanded from a protection of data standpoint to a social issue," he said.

MORE FROM SECURITY

Security Section Front

Facebook hit by ‘Control Your Info’ intruder Twitter phishing ploy goes for ‘Direct Messages’ Red Tape: Your chance to spy on Google Hacking ring caught in $9 million fraud Tagged.com settles with states in invite fight Framed for child porn — by a PC virus In China, battles over a new wall Spain: Internet-related child porn on the rise Google providing better view of personal data EU agrees on new Internet user rights Security Section Front   Add Security headlines to your news reader: