The Spokesman-Review Newspaper
The Spokesman-Review Newspaper The Spokesman-Review
Spokane, Washington  Est. May 19, 1883
Current Temperature
35°F
Current Conditions
Clear sky
View complete weather report

Color Scheme

Subscribe now

When data walks out

Stephen Manning Associated Press

ROCKVILLE, Md. — Reports of data theft often conjure up images of malicious hackers breaking into remote databases to filch Social Security numbers, credit card records and other personal information.

But a lot of the time, the scenario is much simpler: A careless worker at a company or agency with weak security policies falls prey to a low-tech street thug who runs off with a laptop loaded with private data.

In the biggest case, the Department of Veterans Affairs recently lost data on 26.5 million veterans and military personnel stored on a laptop and external drive stolen from the suburban Washington home of a VA employee.

The data on the stolen laptop were in a form difficult for an outsider to use, and authorities believe thieves may have erased the information before selling the hardware.

But that doesn’t satisfy August Woerner, an 80-year-old World War II veteran from Westerly, R.I. He received a letter from the VA saying his data may be on the laptop because of a claim he filed several years ago at a VA medical center.

Woerner takes every precaution he can to shield personal information — he checks his credit rating online regularly, shreds financial documents and monitors the balance of his credit card nearly every day. Despite his diligence, he is convinced someone will steal his identity soon.

“I do the best I can, but I can’t very well fight this theft,” said Woerner of the VA incident. “That data should not be readily available by someone simply walking it out of a building.”

Security experts and some privacy groups say simple measures could protect data if a laptop falls into nefarious hands. They include encrypting the information so it’s nearly impossible to access without the correct credentials.

“It is shocking how many of these are stolen laptops and that fact that the users of the laptops did not use encryption to secure the data,” Beth Givens, director of the Privacy Rights Clearinghouse, said of recent data losses. “If thieves read the newspaper, they can readily figure out that they have got more than just a piece of hardware.”

The portable computers are usually protected by passwords needed to boot them up, but the data on their drives are still accessible. Encryption, on the other hand, scrambles the information and would render it useless to a thief without a digital key that decrypts the data.

A variety of encryption tools are available, including software as well as specialized chips.

But many people are reluctant to use them because losing the key can make it hard to access the data and the programs can slow down data access, said Alan Paller, director of research at the SANS Institute, a computer-security organization in Bethesda.

That could change as computer manufacturers start selling laptops with encryption built in.

Microsoft’s Windows Vista operating system, due late this year for businesses and early next year for consumers, is expected to make it easier for users to encrypt all their data.