Toto, I've a Feeling We're Not Securing Data in Kansas Any More: (re) blog: dialogue with Redemtech

If you read the colorful description provided by the official website for the city of Salina, Kansas, you’ll find all indications that it is a progressive regional trade center for the north central region of the state. There are references to a rich history of manufacturing, agriculture and transportation; jobs in educational services, healthcare and retail trades; and a thriving arts community, including a performing arts theater and symphony. This certainly gives the impression that Salina is a modern, up-to-date city.

So I am baffled as to how word of the threat posed by data security breaches seems to have somehow bypassed parts of Salina, if recent crime stories appearing in the local news media are to be believed.

According to these sources, several burglaries have plagued Salina of late. Thieves have been breaking into a variety of businesses, disassembling office computers and absconding with the hard drives. It seems pretty obvious that someone is after sensitive information on these data-bearing computers to use to commit other crimes.

But according to a news story in the Salina Journal, “the motive for a string of Salina burglaries in which computer hard drives have been stolen is a head scratcher.” A spokesperson for the police department was quoted as saying, "When you go to the trouble of pulling the cover off a computer and removing the hard drive, you are targeting that for a specific reason. So, is it the information on that hard drive, or are you using it for something else on down the road?"

The same spokesperson told local TV station KWCH: "We are trying to … figure out what it is they are looking for on those hard drives.” This sentiment was echoed by a comment from one of the data breach victims, who was quoted as saying, “You wonder why. What did we do? What's going on? What are they after?"

The answer is simple: They’re after information on customers. They use it to steal.

The Salina burglaries may be a case where the police are being cagey and the victims are behaving purposely coy, but the news media coverage implies that no one really knows what criminals do with stolen personal data. There are vague references to data theft, but nothing regarding what kind of information was stored on the stolen hardware or how many people might be impacted by the incidents. Advice to other businesses to protect data on their computers is relegated to the same mandatory comment graveyard as the caution for everyone to lock their doors and leave the lights on.

It is possible that local officials don’t want to create panic, but reporting a computer hard drive theft should include all of the pertinent facts so that those affected will know that their personal information may be jeopardized. Since the burglars disassemble the equipment to get to the hard drives and memory cards, it’s pretty clear that this is not just another crime where a data-bearing laptop is stolen so that a petty criminal can sell it quick for cash.

As this series of similar crimes in Kansas indicates, data theft can occur anywhere. Common information of customers, such as names, addresses, Social Security numbers, credit card information, bank PINs, mothers' maiden names and driver's license numbers are a lucrative commodity.

So the next time you read about some small-town business losing a laptop, hard drive, or other data-bearing device to thieves, press for more details. While others may be saying “What in the world would they want with that old computer?” you need to ask those responsible for storing that information how the loss affects you.

Technorati Tags: data security, data theft, data-bearing devices