Recover Lost Documents

In Tennessee, the personal information on more than 18,000 Metro students and about 6,000 parents was searchable on Google for three months.

Amy Griffith Graydon stated in her report for the Nashville City Paper that the security breach was discovered when a parent “Google searched” her child’s name and found information including a Social Security number, address and birth date. Student racial information was also included.

The breach was made by Public Consulting Group, a contractor with the Tennessee Department of Education.

PCG employees reportedly made an error late last year as they transferred a database of information corresponding to all Metro students. During the transfer, copies of some of the information was written to an insecure server. The Google search engine accessed the insecure server during a regular “crawl” of the Internet, then cached the information.

The file with the information, which was available through Google searches for three months, was accessed four times. Stephen Skinner, a principal at the Boston-based PCG, stated that there are no indications that anyone tried to deliberately access the data.

PCG is offering affected families free access to identity theft and online credit monitoring, in addition to a $2 million insurance policy protecting enrollees from certain identity theft-related losses.

Families of students and parents whose information was made public were to be notified in writing within a week at the time of Graydon’s article.

In Wisconsin, a van and $500,000 worth of computer data were stolen from a Town of Plymouth business, according to the Sheboygan County Sheriff’s Department.

Sheboygan Press staff state in a report that Steven Lawrence, owner of SSL Industries, said he found a back door of the business had appeared to had been forced open with a crowbar. Two computers, and their data backups, were stolen, along with a company van and other equipment.

Lawrence stated how the computers held 10 years worth of AutoCAD drawings, programs and other things used to run the company. Lawrence stated that the on-site backups were gone, but had one at home.

SSL Industries is a light manufacturer that fabricates equipment for the food and packaging industry.

Lawrence stated that the emergency backups should keep the company operating and insurance would cover the losses, which include the van, a die-cutting machine and a wire welder.

Companies need to know how easy it is for sensitive data to be stolen by employees via high-capacity USB devices, states Karlin Lillington on irishtimes.com.

The report on irishtimes.com continues by stating that, according to Andy Harbison, director and IT forensic lead in law firm Grant Thornton’s forensic and investigative services unit, the most common method of removing company data is by a USB “key” or “thumb” drive, or by similar small storage devices, such as an iPod.

The use of iPods and other MP3 music players has become so common in data theft cases that it is now referred to as “podding.”

Harbison stated that there are certain times when people commit data theft; for example, when they are about to leave the company.

The data often stolen is used as the basis for a new job or company, or for the next project for the person or group stealing it.

Haribson pointed out the example of a case in Ireland in which a software development consultancy stole the software it was working on for a client as a basis for a pitch for new clients.

A common item to steal is client lists, in preparation for setting up a competing company.

Thumb drives, says Harbison, have increased dramatically in their capacity, which has made it all the more easier for people to store a great deal of data on them.

Harbison stated that if forensic investigators can get a hold of the storage devices or computers used to commit fraud, it is not generally too difficult to compile enough evidence to convict the perpetrators. Traces of information from the originating computer are transferred with files to thumb drives and other storage devices, and information is often left in browser caches.

In the UK, a BlackBerry sold by a homeless man to a student has been found to contain the personal information of cabinet ministers, top civil servants and police officials.

BBC News stated in a report that journalism student Darryl Curtis said that it held hundreds of phone numbers, with data which led him to believe that it belonged to an ex-Sheffield council chief.

Police believe it was stolen from a car and that they have determined whom it belongs to.

Curtis discovered that the BlackBerry contained the numbers for the children’s secretary, the foreign secretary, and an ex-deputy prime minister.

Curtis said he found on the BlackBerry the National Insurance number, home address and computer passwords of a former chief executive of Sheffield City Council.

A South Yorkshire police spokesman said that they are satisfied that they have traced the owner but that an investigation continues into the circumstances of the theft.