Blog post

Data Breaches and Clothes Closets

By Jack Santos | September 16, 2010 | 0 Comments

A friend of a friend of a friend passed along a 500 Mb thumb drive the other day.  It came through a series of hands (starting with a cleaning lady), and was looking for someone that might understand the implications of this find.

As it turns out, it’s a data breach.  Or what we in the computer industry euphemistically call  “data leakage”.

The information on the drive is quite confidential, and involves one of the biggest international securities fraud cases of this decade.  Lawyers notes, emails, internal auditor reports,  desposit records,  fee schedules, court depositions.  This was one of the largest bankruptcy filings in the world (up to that time), led to jail time for executives, and affected markets and banking systems worldwide. 

The details on the thumb drive are sensational.  It reads like the results of a hack by Lisbeth Salander from a Stieg Larsson novel.  I was able to tell who, what, and even where (what firm) the drive came from. If I had  the time I could assess whether the truth was really found out during the fraud trial (which was eventually dismissed), through documents that were not introduced in court.

But what is even more interesting is where the thumb drive was found: deep in the corner of an apartment that was probably rented, re-rented, and re-rented again, until a thorough cleaning turned  up the small plastic rectangle in a closet corner.  It must have fallen out of a pants pocket years ago… and fell into my hands.

Which just goes to show you.  With all the money we spend on web filters, virus software, data leakage detectors, encryption schemes (which would have been worthwhile in this instance if it had been used) – sometimes it just comes down to behavior, chance, and human stupidity.  It doesn’t take a lot of imagination to think about how often something like this happens….and  the implications of this room full of documents in an old (now considered a rather small amount of storage) thumb drive that was 10% utilized.


Next steps? Destroy the evidence  …….







Comments are closed