Secure data stolen from Lloyds Bank datacentre
lloyds bank data theft
I note Police are investigating the disappearance of a storage device that contains people’s names, addresses, sort codes and account numbers, after it was taken from a data centre in July (Telegraph).
Some thoughts here.
- Why would the Telegraph store this kind of info unencrypted on a data device? Indeed why would they store it on a physical device that could be stolen at all? Doesn’t sound like a very secure situation to me at all.
- Lloyds might have argued that Datacentres themselves are inherently secure. Well yes they are but there have been a number of examples over the years where people have stolen kit, usually expensive routers, from “secure” racks in “secure datacentres”. Datacentre security usually involves multiple layers of sign-in/verification and also involves cctv. Doesn’t seem to stop this kind of thing happening though.
- On this basis we should consider all data to me inherently insecure and open to theft at some point and assume that it will be stolen. The only way around this is to have a regime that involves regular password changes. I assume you all do this right? Even then it doesn’t guarantee the security of your data.
- If we assume that data will inevitably at some point be stolen then the question arises as to whether we are storing this data unnecessarily. eg do you need to keep your online banking login information stored somewhere that may be stolen. How about on a bit of paper hidden in a sock instead? (no clues being given here btw:)
- We should also question it when others propose to store your personal data for their own purposes. I’m sure there are many examples of this – you can name your own.
At this stage if I let it get to me I’d be a quivering wreck. There’s a lot of stuff out there about me. What can I do about it?
Part of the problem (problem?) is that stick a lot of stuff online myself without being prompted. Yesterday’s video of a goods train passing in front of me got over 4,500 views on Facebook with no effort whatsoever.
People will know I was at that specific railway crossing at the time the video was taken. Given enough time you could build up a profile of my regular movements and habits just from information publicly available on the web.
Although I know some people who shy away from platforms like Facebook for this very reason I don’t. In fact I’ve started to use Facebook more and more as believe it or not it is good for business. I’ve even installed the Facebook app on my droid despite my previous misgivings about the personal data it wanted to access on my phone.
I’ve basically just said “to hell with it” and plunged into the deep-end instead of playing about where I was able to stand up without the water coming over my head.
I don’t know where all this is going. On Tuesday one of my kids became the proud owner of a macbook pro. During the (brief) install phase he told me the machine was asking him whether he wanted to encrypt the disk. I googled this and found that Apple had introduced this feature as standard to make it harder for governments to snoop on their customers’ data.
We probably need to rely on these big companies doing the right thing because they have the resources to be able do it right. It is a worry though especially when half their business model relies on them collecting enough personal information about you to be able to sell it.
I’ve gone on enough here and it’s nearly time to go home. I’m cooking a pork casserole so that we have something ready for when we get back from Galashiels at the weekend. Look out for a post about The Pylons gig we are going to see at the 100 Bands Festival. In fact if you are in the area come and see them. 1pm main stage Saturday.
Lots more posts on the subject of data theft and online security in the security category of this blog.
PS I am a Lloyds Bank customer and user their mobile app. I am happy to do this because they guarantee to cover any losses due to theft arising from my use of the app. It’s the way ahead.