US Securities and Exchange Commission employees took laptops with sensitive, unencrypted data on fin
[quote=http://www.bbc.co.uk/news/technology-20266783]The US Securities and Exchange Commission (SEC) has spent $200,000 (£125,190) investigating security blunders made by staff.
The SEC, which oversees US financial markets, was forced to investigate when it found out that staff were not encrypting sensitive data.
It feared that data had gone missing after realising unencrypted laptops were taken to a hacker conference.
The probe suggested no data had been lost as a result of the mistake.
The unprotected computers at the heart of the investigation were being used by staff in the SEC's Trading and Markets Division, Reuters reported.
One of the responsibilities of that division is advising US financial exchanges about dangers from hackers and ensuring they follow guidelines to steer clear of cyberthreats.
Hacker chat
The employees were found to be flouting standard procedure within the SEC that demands that data on laptops be encrypted to protect it in the event of that device being lost or stolen. The laptops contained sensitive information about the inner workings of many US financial markets.
To compound the mistake, the unprotected laptops were taken when some SEC staff travelled to the Black Hat convention which gathers security hackers together to talk about the latest security threats.
The $200,000 bill was run up as the SEC paid a security firm to carry out forensic tests to ensure that the data had not been tampered with or booby-trapped.
The report into the security lapse was co-ordinated by Jon Rymer, the SEC's interim inspector general. The SEC has declined to comment on Reuters' findings.[/quote]
I'm not entirely sure if "Not been tampered with" means that no one accessed it, or that no one edited it.
That's a pretty fucking big blunder if you ask me.
How in the holy mother of God do you not realize how fucking stupid it is to take that sort of stuff to not just any hacker convention but a BLACK HAT one at that?
[QUOTE=Sir Whoopsalot;38395453]How in the holy mother of God do you not realize how fucking stupid it is to take that sort of stuff to not just any hacker convention but a BLACK HAT one at that?[/QUOTE]
it's not a black hat convention
it's called Black Hat - it's a big convention where all the big players in information security go to show off new products
which is why this is even more hilarious
[QUOTE=Aide;38382937]Maybe the SEC can start doing their job and actually start convicting companies for fraud.[/QUOTE]