The USB memory stick has become a convenient and popular data-storage utility. Small in size, but large in storage capacity, the sticks are used by millions for work, personal or miscellaneous information storage. They have the ability to hold millions of documents, images, videos and emails, but their miniscule size means they are constantly lost or stolen – something that proves very dangerous.
° In November of 2008 a memory stick was lost in England which contained confidential passwords to the country’s online government system. Information on 12 million citizens was contained on the sticks and the government was forced to shut down the website.
° Just this month in Lancashire, England, a health worker lost a USB stick containing records and personal information on 6,360 prisoners.
° Back in 2006, information on 28,000 US Navy members was posted to a civilian website. Names, dates of birth and social security numbers of sailors and family members were revealed.
° The UK’s Home Office was guilty of breaching data protection when a memory stick containing information on thousands of prisoners was lost. The memory device contained the names, addresses and expected release dates of 84,000 prisoners.
This is merely a snippet of the thousands of cases of data breaches occuring each year due to lost or stolen USB memory sticks. It is important that all information stored on such a stick, whether personal or business, be encrypted. Cypherix, a cryptography and data security company, provides in-depth information on how to encrypt information to prevent a data breach in the case of a misplaced memory stick. DataLossdb.org is an interesting site devoted to keeping up-to-the-minute records on data and security breaches by businesses, governments, hospitals and educational establishments throughout the world.
Emily Holbrook
Click here to comment
Comments
There are solutions to the lost memory stick problem. For example, I use an Ironkey which is a hardware encrypted USB stick that self destructs after 10 consecutive wrong passwords. Apparently the hardware encryption is to some military or governmental standard. If people that need to move confidential data would use a high level of encryption we probably would not have anything like the breaches in security mentioned in the article.
posted by Rob Esson of NAIC at 11:38 a.m. on 1/28/2009 | 
