BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Over 22,000 USBs May Have Been Left in Dry Cleaners

From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Fri, 15 Jan 2016 09:14:59 -0600
http://www.infosecurity-magazine.com/news/over-22000-usbs-left-dry-cleaners/

As many as 22,000 USB sticks may be left in dirty clothes and handed in to
UK dry cleaners every year, with nearly half never returned, according to
new research from security vendor Eset.

The firm surveyed 500 launderettes and dry cleaners around the country and
extrapolated its findings based on the 5,839 such businesses nationwide.

It found that on average each dry cleaners will find four USBs in dirty
laundry—which works out at over 22,000 for the country.

Even worse, some 973 mobile phones are also absentmindedly left behind in
pockets and handed in, the study found.

What’s more, 45% never get returned to their rightful owner, Eset said.

The study highlights the need for organizations to enforce strict policies
around data portability—something privacy watchdog the Information
Commissioner’s Office (ICO) has been advocating for years.

Removable media in particular makes it easy for staff to transfer but also
lose sensitive corporate data.

In fact, the past few years have been littered with high profile cases of
public and private sector UK organizations doing exactly that.

Most recently, East Sussex NHS Trust was forced to apologize
<http://www.infosecurity-magazine.com/news/nhs-blunder-breaches-data-on-3000/>
to over 3,000 patients after sensitive data was downloaded to a thumb
drive, stored unencrypted and then lost.

A combination of people, process and technology is often touted as the best
way to guard against such shortcomings. That is, better training for staff,
strict policies on data transfers and technology to prohibit the
downloading of unencrypted sensitive data to removable media.

Banning them outright just isn’t realistic, according to Eset security
specialist Mark James.

“USB drives are a small convenient means to transfer data from one
environment to another; with the right safety measures in place and some
good policies, they should be as safe as any data transfer method,” he told
*Infosecurity*.

“USB encryption is low cost and if used correctly will protect any private
data from prying eyes, plus correctly configured internet security products
that scan on insertion of any media will give you a fairly comprehensive
protected environment.”

USBs and mobile phones aren’t the only thing launderette owners have found
in dirty laundry over the past year, according to Eset.

Some of the most noteworthy items related to the security vendor included a
dead rat, dentures, and Viagra pills.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
Previous By Date Next
Previous By Thread Next

Current thread: