Categories
Blog Data Erasure Device Control File Server Security Insider threats USB Copy Protection USB Sescurity

The Other Side of Edward Snowden Case

Thanks to the whistleblower case of Edward Snowden, the public is now aware of the level of private information gathering that has been performed by the U.S. government through agencies such as the NSA. Snowden release of top-secret NSA materials was referred to as “the most significant leak in US history according to the Daniel Ellsberg a former U.S. military analyst who is most famous for leaking the Pentagon Papers in 1971. What was most shocking was the degree of how much private information had been gathered in which case had brought back the fears and insecurities of when the Patriot Act was legislated in order to indiscriminately collect information under the banner of anti-terrorism.

Many journalists and information security specialists who have criticized the indiscriminate collection of private information have suggested that individuals should use client-side encryption solutions for private information, especially since storage solutions such as the cloud were becoming ever more popular. Since the Snowden case, however, public cloud services have been negatively impacted due to the heightened awareness of the lack of privacy of personal information.

In regards to information security, the Snowden case provides us, the public, with another large implication. Snowden worked for the NSA and its affiliated organization which has arguably one of the strongest internal information control systems in the world. Yet, he was able to gain access to highly confidential information that had the potential to impede national interests as well as the organization’s interests. Snowden was then able to copy the confidential information onto a USB flash drive and take it out of the office. For an organization such as the NSA and the affiliated organizations who are supposed to have a sound security infrastructure, this was a huge breach of their internal information security system, thus, making it clear that they had failed in managing internal information access and assessing the user’s ability to handle such information.

This case brings us to think more about the current situation of internal information security management systems of many U.S. organizations. A study conducted by Forrester stated that only 25 percent of data breach cases are from external attackers, meaning 75 percent of attacks are from within an organization. Even so, many organizations cannot easily integrate an internal information leakage prevention system because it often puts a damper on work efficiency. In some organizations, the management argues that it is almost impossible to prevent internal information leakage by utilizing a technological security solution and instead, they relieve themselves by getting employees’ to agree to a non-disclosure agreement and take some rudimentary education on information security. Though this is still needed, it is a much too passive solution.

It has become acceptable for workers to bring their own private devices such as laptops, tablets, and smartphones to their office to work. They store a lot of the organization’s confidential information onto the devices and are now taking the private information with them when they bring their laptop or tablet to a Starbucks, or pretty much everywhere when they bring around their smartphone. This is a huge security risk and it is important to be responsible for the security of the device as well as the information itself.

Now with cloud storage systems becoming more widely used, when companies decide to send designs for a new product, that their company spent a lot of time and money developing, through the cloud to an employee that is offsite, the company no longer has any ability to control the usage of the design. In this situation, all the organization can do is hope that nothing happens by fully trusting the non-disclosure agreement, information security education program, and their employees. Though it is good to have trust in your employees, blindly trusting them is plain idiocy. Without some sort of security system set in place, if a top-secret document is lost by employee carelessness, robbery, or even leaked by an employee with malicious intent, the organization may never find out who did it, where it happened, or even how it happened. Even if they do know the “who”, “what”, and “how”, the damage that follows often cannot simply be compensated by the dismissal of an employee or civil and criminal actions.

Ultimately, it comes down to the need for change: A need to restructure the way internal information leakage prevention systems are viewed and utilize preemptive security solutions. In order for organizations to prevent cases such as Snowden, there needs to be a push towards preemptive security solutions that can be used with existing technologies such as encryption, which only focuses on preventing leakage when the device is lost or stolen. It’s because many chose to be oblivious the fact that those that are authorized to use the data are possibly the biggest threat in terms of information leakage.

A possible solution to the prevention of internal information leakage, are storage devices that utilize features such as copy protection. Secudrive (www.secudrives.com) provides solutions that even small and medium companies can easily integrate into their security policy. They provide products that can prevent unauthorized copy of A/V files, office files and even CAD files, supporting various storage devices such as USB flash drives, file servers, and public cloud storage systems. Alongside their copy protection products, Secudrive also provides device control products that allow only registered devices, such as USB flash drives, tablets, and smartphones, to be able to access a port of a registered PC.

Categories
Blog NEWS News Letter Press Release USB Copy Protection USB Sescurity

Secudrive USB CAD released

Brainzsquare announced the release of specialized copy protection, a secure USB drive solution for design and CAD files, SECUDRIVE USB CAD, into the market. SECUDRIVE USB CAD offers copy protection for important design files and prevents unauthorized copy, print, or transfer. It also utilizes its compatibility with various CAD and design applications such as AutoCAD, OrCAD, Adobe Photoshop, Illustrator, and more. With other security features such as password protection, event logs, and validity settings, this solution is especially useful for designers who carry their designs with them.

San Jose, CA-August 19th, 2013-Brainzsquare announces the release of SECUDRIVE USB CAD, a specialized, copy- protected, secure USB solution developed especially for compatibility with design and CAD files, into the market. With other security features embedded into the solution, SECUDRIVE USB CAD is perfect for designers who carry their precious designs with them on the go.

With SECUDRIVE USB CAD, users can safely carry their important designs with them wherever they go. Whether it be on a business trip, a trip to the office, or a public PC center, it provides copy protection not only for document files, but for computer-aided design files as well. The copy protection solution is compatible with numerous CAD and design programs such as Adobe Photoshop, Adobe Illustrator, AutoCAD, OrCAD, and more. By adding specific programs to the USB’s copy protection system, important design files cannot be opened by programs other than the ones the user has specified, and cannot be copied, transferred, or saved onto the local PC. This protects the user’s copyrights on their designs and prevents unauthorized people from viewing or leaking the data.

This secure USB solution also features validity settings, Auto-lock, password protection, and print controls with watermark printing. Validity settings allow users to set a time period for the USB to be active and also set a limited number of logins. If the user has to leave the computer for a few minutes, there’s no need to worry there either. With Auto-lock, users can set a specific time a computer can go inactive before the USB automatically logs out of the device. But be aware, data not saved will be lost upon logout. SECUDRIVE USB CAD also comes with password protection. Users will be asked to input a password upon their first login. If the wrong password is entered over ten consecutive times, the data on the USB will be automatically and irreversibly erased. This is to prevent data leakage if the USB drive is ever lost or stolen. Users have a choice of turning off printing completely, which doesn’t allow any file to be printed off of the USB drive, or turn on printing with a customizable watermark.

Users can also login as read-only mode. This prevents files on the USB from being edited or overwritten. With AES 256-bit hardware encryption and an embedded anti-virus vaccination, users can rest assured that their design files are safe from virus infections and malware. Detailed event logs are also provided with information such as date, time, user name, USB serial number, and action taken.

“Conceptual drawings and designs for new product development warrant a high level of confidentiality within a company. Companies, as well as employees today, have worried about loss, theft, or leakage of their designs whenever it is taken out on a portable device to show to cooperative partners outside of company grounds. Designers can now carry their precious design files with them on SECUDRIVE USB CAD and not have to worry about the security risks of losing their flash drive, unauthorized copying, or virus-infected files. This USB solution gives the users all they need to protect their precious data in a simple and effective way,” said Simon Kang, CEO of Brainzsquare.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog NEWS News Letter Press Release USB Sescurity

SECUDRIVE USB Basic Released

Brainzsquare announced the release of SECUDRIVE USB Basic, a new secure USB solution with hardware encryption which is strengthened by embedded functions such as password protection, self-destruction, auto-locking, login as read-only mode and anti-virus vaccine, designed to protect data in vulnerable situations.

San Jose, CA – August 27th, 2013 – Brainzsquare announced the release of SECUDRIVE USB Basic, a secure USB solution with hardware encryption, strengthened by embedded functions designed to keep important data secure in vulnerable situations.

With SECUDRIVE USB Basic, users can safely carry their important data without having to worry about the consequences of losing it because it provides security features designed to protect your data in everyday vulnerable situations. The flash drive comes with AES-256 bit hardware encryption which automatically encrypts all stored files in a secure zone of the drive. Users are asked to set up password protection upon their first login. If the wrong password is entered in excess of ten times, the contents of the USB drive will be permanently erased by its self-destruction function, keeping the data stored inside from being seen by prying eyes even if the flash drive is lost or stolen.

Auto-lock is also a feature of SECUDRIVE USB Basic which automatically closes all files currently open on the computer and logs you out of the USB drive secure zone if the user has been inactive for a specific amount of time. So whether you’re at your computer or away from the keyboard, you can relax, knowing your flash drive automatically logs you out after a certain amount of time. Users can also login as “read-only,” which allows users to only be able to access the data stored on the USB in a Read-Only format. This helps users avoid certain malware.

SECUDRIVE USB Basic comes with an embedded Trend Micro™ Antivirus program to prevent files stored on your flash drive from being compromised by virus infections. All files stored onto the flash drive will automatically be scanned and protected from viruses by Trend Micro’s program. Pattern analysis and engine updates are provided for one year from the date of purchase. Users can renew their subscription license annually through the SECUDRIVE website.

“If you don’t want anyone to access your files on your USB flash drive, you should use a hardware encrypted, secure USB. This has become essential over the last few years. SECUDRIVE USB Basic is one of the most effective hardware encrypted USB flash drives designed to keep valuable and confidential information secure in vulnerable situations. It’s simple but very effective in securing data for everyone,” said Simon Kang, CEO of Brainzsquare.

SECUDRIVE is the registered trademark of Brainzsquare.

TREND MICRO and Trend Micro USB Security are trademarks or registered trademarks of Trend Micro, Inc. Specifications of the product may change without prior notice.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog Device Control NEWS News Letter Press Release

SECUDRIVE Device Control Released

Brainzsquare announced its release of SECUDRIVE Device Control, a new device access control solution for data leakage prevention for SMBs, into the market. SECUDRIVE Device Control makes it possible to allow or block devices such as USB flash drives, external HDDs, Smartphones and tablets from being connected to the USB ports of a corporate PC. The logs related to file activity in the allowed media are gathered and arranged for auditing.

San Jose, CA-August 1st, 2013-Brainzsquare announced its release of SECUDRIVE Device Control, a new device access control solution for data leakage prevention targeted for SMBs, into the market.

SECUDRIVE Device Control makes it possible to allow or block devices such as USB flash drives, external HDDs, Smartphones and tablets from being connected to the USB ports of a corporate PC. Even the allowed devices can be restricted to “read-only.” The logs relating to file activity in the allowed media are gathered and arranged for auditing purposes. For situations where the PC is carried out of the office, a separate security policy can be set and a log of all the activity that occurred will be gathered once the PC is returned to the office and reconnected with the manager program through the network. Once it has been installed on the PC, the security policy can be set to block prohibited devices which could help keep stop the infection of common USB viruses such as the Stuxnet virus.

Also, since smartphones are so versatile with its capabilities, SECUDRIVE Device Control provides multiple blocking options. The phone can be restricted to the only function as a removable storage device, or only allow it to use MTP, PTP, or tethering connections instead, thus allowing complete control over smartphone connections.

SECUDRIVE Device Control has the ability to deny or allow access to devices using the following ports in addition to the USB port: Serial/parallel, Bluetooth, network, WiFi, Printing, IrDA, CD/DVD, IEEE 1394, and even floppy.

SECUDRIVE Device Control comes in two versions, Basic and Enterprise. SECUDRIVE Device Control Basic is installed on a PC or server and is managed independently, therefore it is intended for smaller companies that have fewer than 20 PCs and industrial PCs which are not connected to the network. SECUDRIVE Device Control Enterprise allows the administrator to control device access and manage security policy by PC or by groups remotely, through the network. The administrator has a full view of all device access activity and can gather logs on files that have been transferred using the USB port.

“It doesn’t require any dedicated DB. It is easy to use, even for those of us who are not the most computer literate, meaning an IT specialist is not necessary. After installing it on a PC, a user cannot remove it unless the administrator allows it on the program. SECUDRIVE Device Control is targeted for SMBs. It is a must-have tool for SMBs to prevent internal data leakage and could be used along with our H/W encrypted and copy-protected USB products such as SECUDRIVE USB Basic, Office, CAD.” – Simon Kang, CEO of Brainzsquare.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog NEWS News Letter Press Release USB Copy Protection USB Sescurity

SECUDRIVE USB Office Released

Brainzsquare releases SECUDRIVE USB Office, a new, copy-protected USB solution with hardware encryption and password protection which secures confidential documents. This secure USB solution comes with validity settings, security policies, and detailed event logs to prevent confidential documents from being leaked whether by accident or with malicious intent.

San Jose, CA-July 9th, 2013-Brainzsquare releases a new, copy-protected USB solution for confidential and private document files, into the market.

Many corporate businesses allow employees to carry confidential documents with them on their USB storage drives. But what can businesses do as an administrator if the employee’s flash drive is lost or stolen? What if there is a malicious intent on copying the confidential documents without an authorization? Brainzsquare has developed a USB solution to solve all these security issues.

With SECUDRIVE USB Office, employees that handle sensitive document files can feel safe carrying them on these specialized flash drives. A unique feature of this USB drive is the copy protection feature which prevents document files from being copied without authorization. The copy protection security feature is compatible and supports the Microsoft Office programs and others. By specifying which application is allowed or disallowed for copying, SECUDRIVE USB Office can prevent document files from being accessed and copied by other programs.

It also comes with hardware encryption and antivirus vaccination software to prevent document files from being leaked or affected by viruses. With several other security features such as validity settings, password protection, auto- lock, and detailed event logs, users can keep track of their documents and prevent data from being leaked if the flash drive is ever lost or stolen.

“SECUDRIVE USB Office is a top-notch USB security solution for business and corporate users due to the nature of the copy protection feature and other security policies. It can be a safe way to carry corporate confidential documents out of the office especially if the company utilizes a virtual desktop infrastructure. By using SECUDRIVE USB Office, users can prevent confidential documents from being leaked even if the USB drive is lost or stolen. It can also prevent private documents from accidental or malicious data leakage,” said Simon Kang, CEO of Brainzsquare.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog File Server Security

A Way to Prevent Insider Threats

With the growing number of BYOD (Bring Your Own Device) policies being implemented at work, companies are now more concerned about their data security than ever before. As much as a company can trust their employees and coworkers (and we realize that Non-Disclosure Agreements exist for a reason), no company should ever go without data leakage prevention measures. Have you ever worried about accidental or worse, malicious internal data leakages? Once it spreads, it is an arduous task to find the source of the leakage and can lead to inefficiently containing it. This can ruin a company’s reputation for a long time.

Especially those companies that share their important confidential data via file servers throughout the company. Yes, there are benefits to using file servers such as efficient data sharing, collaboration, and the works. However, file servers today come with little too inefficient monitoring capabilities, security, and protection. There are solutions to these current issues that have been brought up in multiple IT discussions such as file encryption, physical isolation of the file server, and antivirus vaccination software.

But these solutions can only curb the dangers from accidental data leakage. How can a company know when a malicious data threat is on the way before it happens? The key is to be prepared and prevent potential data threats. A new copy protection software for file server has been released into the market by Brainzsquare called SECUDRIVE File Server.

Copy Protection to prevent files from being copied and leaked
By applying copy protection to the file server connected to the network drive, administrators can prevent registered users from copying the file to the local disk drive, or other outside sources. Prevention of screen capturing and printing is also included. So even if there was a malicious attempt or accidental cause to copy the data out of the file server and distribute it without authorization, you’d be covered.

A simple User Interface that detects and keeps current file server settings
Don’t fear, file server administrators! By installing SECUDRIVE File Server onto the file server, fill out the file server information and it will automatically detect your current file server settings (users, shared folders, etc.) and keep them when setting up. Registering new users, or new shared folders and setting sharing policies and copy protection policies for each user is simple with SECUDRIVE File Server.

Brainzsquare offers 30-day trial versions of SECUDRIVE File Server on their website.

Categories
Blog File Server Security NEWS News Letter Press Release

Secudrive File Server Released

Brainzsquare releases a new file server security solution with copy protection technology, Secudrive File server. SECUDRIVE File Server makes it possible to prevent files from leaving the file server due to unauthorized copying, as well as audit how the files are handled by utilizing a detailed event log. The software runs after installation and opens in the existing windows file server while keeping the current file server settings.

San Jose, CA- June 12th, 2013– Brainzsquare releases a new file server security solution with copy protection technology, Secudrive File Server (SDFS). SDFS makes it possible to prevent files from leaving the file server due to unauthorized copying and audit how the files are handled by utilizing a detailed event log, while keeping the easiness of file sharing among users. The software runs after installation and opens in the existing windows file server while keeping the current file server settings. SDFS supports Windows local and AD accounts.

A specific user who installs the client program of SDFS can get access to a shared folder on the file server only if the administrator allows the user to handle files in the folder. Copy protection functions of SDFS includes disabling of the copy to local disk function and printing (or allowing printing with a watermark), screen capture prevention, disabling network transfer via email and messenger programs, and disabling copy to CD and USB flash drives. If an administrator allows a certain user to copy a file stored on the file server, a copy of the copied file can be securely backed up onto the file server to use for auditing purposes using the backup file function of the SDFS.

The file log records usage, date, time, file server, and the users that accessed the files, for easy file management by administrators. SDFS gathers only useful file logs relating to the users’ actions by eliminating logs that do not relate to the user. For example, the file log does not record temporary files that are created when an application program reads a file, therefore administrators can audit and track the route of leakage quickly and efficiently.

“Many organizations are storing their important and confidential files in file servers to share the files with internal and external coworkers. But the level of security for file servers is generally pretty weak. SDFS has strong security functions that is easily installable and can be used with ease. I expect SDFS to become one of the most popular file server security solutions to contribute to secure file sharing and cooperation of TFT teams and SMBs,” says Simon Kang, CEO of Brainzsquare.

About Brainzsquare: 
Founded in 2000, Brainzsquare has been serving specialized and innovative data security solutions in the market. In 2006, with the launch of the SECUDRIVE product line, Brainzsquare provides products ranging from secure USB flash drives and data erasure products to copy protection software, device control, and file server security for corporate customers and content publishers.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog NEWS News Letter Press Release USB Copy Protection

SECUDRIVE USB Copy Protection Server Released

Brainzsquare releases SECUDRIVE Copy Protection Server, a high caliber copy protection solution for digital content and documents that require frequent content and policy updates and monitoring via servers. Administrators can now securely distribute and control content access remotely using online servers.

Brainzsquare announced its release of SECUDRIVE Copy Protection Server (SDCPS), a server-based copy protection solution into the market.

With the growing needs of content publishers and their content, distribution needs to be more efficient and more closely moderated. Existing copy protection, such as CD or DVD copy protection for content can take up to 10 days or more to produce and distribute, and can be quite pricey when adding all the delivery fees, distribution fees, etc., together. SDCPS was developed with the solution to that in mind. The ability to speed up the production and distribution process and the ability to update content, copy protection policies, and validity licenses regularly when distributed to remote locations are a few of the core advantages of SDCPS.

SDCPS caters especially to companies that need moderated copy protection for their evolving digital content and documents when distributing it to others via online. This specialized copy protection solution utilizes advanced features such as copy protection that prevents screen capture and printing without authorization, validity settings, and DRM policy settings with optional password settings. SDCPS allows administrators to update content licenses and security policies for the purpose of monitoring and regulating.

By installing the server component of SDCPS onto the server, the administrator can monitor, update, and control the validity settings of the digital content remotely. Content will still be downloaded and copied onto normal USB drives as with the regular SECUDRIVE Copy Protection. SDCPS creates secure image files by integrating the digital content and the security policy configuration. Once connected to the internet, a virtual drive will appear on the USB drive, allowing the user to view the stored content. Content policies updated on the server will be updated for authorized users on their virtual drive once connected to the internet.

“SECUDRIVE Copy Protection Server is all of the features of the regular Copy Protection, but now companies who need to monitor and update their content policies online when securely distributing content on USB drives can take advantage of the online license managing program,” said Simon Kang, CEO of Brainzsquare.

Brainzsquare offers 30-day trial versions of SDCPS for content publishers to try on their website (www.secudrives.com).

About Brainzsquare:
Founded in 2000, Brainzsquare has been serving specialized and innovative data security solutions into the market. With the launch of the SECUDRIVE product line in 2006, Brainzsquare has been providing products ranging from secure USB flash drives and data erasure products to copy protection software, device control, and file server security for corporate customers and content publishers.

If you have any questions or inquiries about this article or its contents, please contact us.

Categories
Blog USB Sescurity

Hardware USB Encryption Vs. Software USB Encryption.

A strong case for hardware USB encryption and an analysis of the weaknesses of software USB encryption.

We have all lost a USB flash drive at one point or another. Millions of USB flash drives are lost per year and the potential fallout from lost confidential data can be costly. So it is important to have some sort of security on your USBs so that if they get lost, the data is unrecoverable.

When looking for USB encryption options, it can be difficult deciding which type of encryption mechanism you should use. Between the two types of USB encryption methods, software and hardware encryption, there is a clear winner. Hardware. Though software encryption, in general, has come a long way in a PC environment, in the end, it is still software, and like all software, it is crackable.

Software Encryption is still Software
Though the process is not easy, hacking of even well-made software encryption is possible by skilled programmers. The way software USB encryption functions are by using the user’s password to encrypt the master key, which encrypts the data. In order to access the data within the USB, the hacker only needs to find the password, which will then give him the master key to access the data. In order to find the password, hackers can use a brute-force attack, which is a cryptanalytic attack that checks all possible password combinations until the correct one is found. A relatively secure password such as “F7*eTi!9” can be cracked in minutes or hours depending on the encryption used (64-bit, 128-bit or 256-bit). Once they find the password, they will have access to the encryption key and have complete access to all stored USB data.

Hardware’s Defense
On the other hand, hardware encryption uses an onboard security chip, such as the AES 256-bit Crypto Chip, to perform all encryption and decryption of data along with key generation and handling. Due to software encryption’s dependence of the host PC, it enables a hacker to be able to alter the software programming, for example, to allow an infinite amount of password attempts. So, even if a software encrypted USB had a password counter that limited the number of password attempts, the program could be altered through the PC by a skilled programmer.

Hardware encrypted USBs will not connect to the PC without the password so it cannot be altered through the PC. So by separating the algorithm and encryption key within the encryption chip from the PC, it prevents potential hackers from accessing and/or tampering with your software encryption program through the host PC.

Along with the separation of the encryption chip, hardware encrypted USBs use an internal password counter which limits the number of passwords attempts. By limiting the number of password attempts, the hardware-encrypted USB prevents brute-force attacks from guessing your password and destroys or freezes the stored data once a user surpasses the limit. So even if you are one of the million people that have lost a USB, the stored information will be kept from prying eyes.

Additional USB Security Features worth Having
Whenever connecting a USB into a host PC, regardless of whether it is hardware or software USB encryption, it is susceptible to viruses and malware. A common USB virus, the Autorun Virus can alter the autorun.inf file that most USBs use to automatically start the login process. This can lead to an infection of corporate networks if the infected USB is connected to an office PC that is part of an office network. To resolve this issue, USBs are being loaded with anti-virus software to help combat the risk of infection through the host PC. For example, SECUDRIVE has protected all their secure USBs with Trend Micro’s TMUSB 2.0 vaccine program to prevent any infection.

Hardware over Software
When it comes down to the level of security, hardware USB encryption is superior. Its separation of the encryption key and resistance to brute force attacks makes hardware USB encryption much more robust and resistant to hacking attempts. If you are thinking of purchasing software encryption for your USB, think again. If your data is important enough to protect, wouldn’t you want the highest standard in USB encryption protection? Some may argue that software encryption may be cheaper. This may be true initially, but in the long run, the benefits of hardware USB encryption outweigh the initial costs. Why risk losing important information to potential competitors with a subpar encryption method? It isn’t worth risking millions of company dollars to skimp on USB data protection. When it comes to USB encryption, hardware encryption is the obvious choice.

Categories
Blog Data Erasure

“Deleted” Data that is not completely Deleted

A PC generally keeps most of the data stored on it whether it has or hasn’t been deleted, up to the moment of being disposed of if no complete erasure is done. It is common for people to tend to think “erase” or “delete” in Windows means that the file is gone forever and unrecoverable. People with a bit more security awareness feel comfortable after they format all data of partition before disposing of the PC. However, it is common knowledge that deleted and formatted data in Windows can be easily recovered by using simple recovery software that is easily accessible on the Internet.

In the United States and the U.K., they are famous for their stricter industry-standard, government regulations, and laws in comparison with other countries. The following data leakage from used disk relating to government organizations reminds us of the importance of completely wiping disk drives.

In 2009, the United States Department of Veteran Affairs had one of their hard drives fail, which contained records of millions of U.S. veterans. Without destroying the data first, they sent the failing hard drive back to the vendor for repairs, risking potential data breach that could have affected 760,000 people. This accident is claimed to be the single largest release of personally identifiable information by the government in history.

In 2010, there was a sensitive case with NASA’s preparation for the end of the space shuttle program. Selling their surplus of supplies, old computers were on the list. However, fourteen computers from the Kennedy Space Center failed tests to determine whether they were properly sanitized of sensitive and confidential information. Ten of the computers had already been released to the public at that point, creating a serious data security issue and breaches to NASA’s IT security practices. Information on the computers could have helped hackers gain access to NASA’s internal computer network.

Also in 2010, an army officer, Captain Robert Sugden sold his broken laptop for “spare and repair” parts for around $32 USD. However, the laptop contained military secret files such as troop numbers, patrol details, ammunition stock lists and locations of police command posts, none of which required passwords. Such information could be fatal if put it was in the hands of terrorists. When the shocked buyer returned the laptop to the U.K.’s Ministry of Defense, it was also discovered that the laptop contained hundreds of photos and names, risking the lives of those that joined the Afghan National Police and Afghan National Army.

In the previous mentioned cases, it was fortunate that the government authorities went ahead with inspection and prevented the data from being leaked and misused by other parties. There are cases where those who were not wary of the dangers of data leakage from a used hard disk. The two U.S. cases mentioned above were only discovered because of an audit done by the government while in the case of the U.K., a buyer let the government know of the situation. It is reasonable to say that there are many potential cases out there that can lead to great risk just like the ones brought up in this entry.

In 2008, an illegal content distribution scandal took place in Hong Kong, China. Although this case does not involve the government, it does involve an individual’s privacy. Dubbed the “Edison Chen Photo Scandal,” a personal computer was sent in for repairs where hundreds of private photos were taken, copied, and distributed without consent, allegedly by the computer repair shop. The PC’s owner, Edison Chen stated that the photos that were distributed were deleted before being sent in for repairs, but with the advancement and accessibility of data recovery technology, about 1,300 of Chen’s sexual and celebrity photos were recovered, taken and copied, only to be distributed for the world to see. This case severely damaged his reputation and his career in China.

Over 250,000 used computers and over 100,000 used laptops are waiting to be sold on eBay by the end of April 2013. Many people carefully erase the data by deleting files and reformatting the hard drive to feel more secure when selling computers. This blog entry was created to raise data security awareness to prevent such data leakage incidents, which may creep up on us someday.