Good news if you work for Armstrong World Industries, a manufacturer of floors, ceilings and cabinets. The company in 2005 achieved revenues of $4bn, but didn't feel the need to invest any money in a decent security policy and enforce it.

As the company reported on 25 July, this policy resulted in the loss of confidential information including social security numbers on 12,000 of its employees. The data was stored on a laptop that was stolen from company's auditor Deloitte & Touche.

28 Jul 2006

Let's all say "thank you" to Armstrong World Industries and Deloitte & Touche for emphasising the need for harsh penalties against security ignorance.

There is also great news also for a group of up to 23,000 patients of the George Washington Hospital in Washington DC. You probably survived your treatment at the facility, but it isn't that certain that you'll survive the incompetence with InstantDx, a partner that attempted to provide electronic prescriptions.

InstantDx succeeded in exposing data including social security numbers for between 5,600 and 23,000 patients, the hospital disclosed on Wednesday. Amazingly, no medial or prescription data was leaked, only data that can really hurt consumers. George Washington Hospital wisely suspended the trial with InstantDx.

Let's all say "thank you" to InstantDx for demonstrating that security is strategic instead of merely a pesky added cost that gets in the way of your corporate greed.

To round out Wednesday's series of embarrassing security unveilings, a US subsidiary of the UK based financial services firm Old Mutual, realised that "sometime in May" a laptop was stolen. It contained data on 6,500 fund shareholders, including all the details that an identity thief would ever need.

Hopefully the financial services firm is better at investing than it is at securing its data. It's investors after all will need money to monitor their credit scores and fight claims for years to come.

Let's all say: "thank you" to Old Mutual for providing proof that unencrypted confidential data stored on a laptop really is a great way for identity thieves to strike it rich.

And let's finish off by thanking the privacyrights.org website for providing an overview of all these cases of data security incompetence.

technorati tags: securty, identity, theft, fraud, ssn, incompetence,