Sunday, February 26, 2006

There are morons, there are criminal morons, and there's Deloitte

Having just finished my previous post about corporate America losing control over more than 53 million records annually (see " Every minute a sucker is born, with a one in two chance of being robbed of his identity"), I'm shaking my head about an ever bigger degree of utter stupidity.

This time it's an auditor from Deloitte&Touche, and the number of compromised records may be small but the criminal carelessness is not. Turns out, the moron left an unencrypted backup disk in an airplane seat pocket, containing privacy-sensitive information of more than 9000 of McAfee's employees and ex-employees.

Unencrypted? Just left it? Yes, together with a couple of music CDs. Ah well, sh* happens, doesn't it?

There are several reasons to hang audit company Deloitte&Touche from the highest tree for this. First, the incident occurred on December 15th, 2005 but Deloitte didn't seem to think it important enough to report until three weeks later, on January 8th.

Secondly, even now Deloitte doesn't have the decency to provide the public information about the incident. All of the above information was provided by a McAfee spokesbot while Deloitte made sure its public relations people were kept out of reach.

And thirdly, it was Deloitte's decision not to encrypt the data, a decision in direct breach of their client's policies. After all, McAfee is an IT security company.

A nice example how one turns 'moronic' into 'criminally moronic'.

No comments: