Yet another in a rash of data thefts, and I believe it is the second one recently to say that they think the data were stolen not for the data, but for the computers themselves. Yep, could happen. But…
Let me see, the break-in happens during the audit process, coincidentally during the only time that the data was on the PCs and not on the secure server, not before or after that time.
Hmmmm. Very interesting indeed. The criminals who stole the computers are either the ‘luckiest’ or most ‘unlucky’ of criminals, depending on your point of view….and whether they really did steal the computers for the computers themselves, or not.
Are the folks at the medical group just trying to relieve panic by saying that they think it was only for the computers themselves, or are they forgetting about Social Engineering all together? Isn’t it coincidental that they just happened to be stolen during this very small time frame when the computers happened to have the data on them? I don’t know … but I would hope they are at least looking at that possibility and not discounting it because the computers happened to be new.
Letting folks know that their data has been stolen is very important, but if these criminals really did steal the computers simply for the type of computers they were (new Dells), then exposing that these computers included the data, could give them a leg up on selling the data they didn’t know was there before the information was made public. A real catch 22, huh?
NOTE: Originally posted: April 2005 (recreated from mangled original bambismusings.blogspot.com)