A note on personal information security...

Three weeks ago, a bag containing my corporate laptop and ID was stolen from my car in Stanley Park, Vancouver, B.C.  Suffice to say, it has not been a pleasant experience.  I thought I’d mention it here to warn you of a few things that I’d never considered.

First, there’s the property loss of approximately $3500 US.  That’s to be expected in a theft of this nature:  a broken window ($400); a laptop ($2500); laptop accessories ($200); the bag itself ($100).

Second, there’s the loss of personally identifiable information.  The PC itself was secured with strong passwords.  And, Microsoft Security was able to cancel my access to corporate systems until I was able to return to the office, get a replacement badge and change my passwords. But, my latest personal backup CDs were also in the bag.  Those were not secured.  The files on them contained a gold mine for an identity thief:  unsecured soft copies of my credit report.  Needless to say, my wife and I have done everything in our power since then to ensure that we are not targetted.  Here’s a short list of what we did:

  • Placed a fraud watch on our credit reports with all of the major agencies:  Equifax, Experian, and Trans Union
  • Cancelled all of our credit cards (as if they’d been stolen)
  • Changed all of our bank accounts (as if the check books had been stolen)
  • Changed all of our direct deposits and withdrawls
  • Changed all of our investment accounts
  • Changed all of our online passwords for all of these accounts (to strong passwords)

And, finally, there’s the loss of data in general when you don’t backup frequently.  Because my most recent backups were in the bag, I had to revert to an older backup.  I lost months of data.  Nothing that I can’t replace.  But, it still hurts.

I now have a new appreciation for the term information security.  And, I’ve been investigating ways of preventing a similar fire drill should this happen again.  At the moment, I’m leaning toward installing PGP Desktop and creating virtual disks for highly sensitive personal information.  This will allow me to backup the data in a secure manner by copying the encrypted “disk” file to CD.  I am also considering investing in a fire retardant safe in which to keep these CDs.

Lessons learned:

  • Don’t leave valuables visable in your unattended car.
  • Secure your personally identifiable information – especially on backups.
  • Backup frequently!  And, always make two copies of your backups.  Put one in a safe place.  Keep the other one out for reference.

I hope you never experience this.