City worker loses USB stick containing data on every resident after day of drinking

City worker loses USB stick containing data on every resident after day of drinking

A person working in the city of Amagasaki, in Western Japan, has mislaid a USB stick which contained data on the city’s 460,000 residents.

The USB drive was in a bag that went missing during a reported day of drinking and dining at a restaurant last Tuesday. The person reported it to the police the following day.

Data on the USB drive included names, gender, birthdays, and addresses. Other additional personal details were included, though it’s not been revealed what this is. Bank account numbers of households receiving welfare also found themselves on the USB drive.

Safety first pays dividends

The one piece of good news to emerge from this story is that the drive was both encrypted and password protected. So, providing they used a good password, if someone finds the USB drive and plugs it into a computer, they won’t be able to just open up the files and view the contents.

If whoever put this drive together hadn’t bothered with security measures, the first person to find the lost drive would have a data payday on their hands. Perhaps as a result of this cautious approach, there’s been no evidence or reports of the data being leaked so far.

How to safely transfer data

There is the question of why this data was on a USB stick in the first place. According to CBSNews, it was being transferred to a call center in Osaka. There are plenty of alternatives to ferrying data around on easily lost USB sticks. While some industries have strict compliance and regulatory standards, others may simply not be able to use third-party products for a variety of reasons. Even so, anything along these lines is surely better than “I lost a USB stick on a night out”. With this caveat out of the way:

  • Secure File Transfer Protocol (SFTP). This is used in business as a way to securely send files from one device to another. Files sent using this method are done so via an encrypted connection. One potential drawback here is you’ll likely need software installed on all the machines receiving the files. If you need to send data to another organisation, this can quickly become complicated or unfeasible. Additionally, not everyone believes it’s a suitable option for secure file transfer when more custom-built solutions are now available.
  • Data in the cloud. Third party cloud products like Dropbox and Box allow you to store, and share, files. They both have lots to offer, with Box in particular being specifically geared towards business solutions. Multi-factor authentication, malware detection and leak prevention, encryption and compliance: it’s all there. Services like the above are increasingly more popular in business circles where secure, pain-free data transfer is required but the in-house knowledge required to do it yourself isn’t to hand.
  • Encrypting your data and yourUSB drive. In some situations it may well be “USB drive or nothing at all”. If you’re using Windows 10 Home, you’ll need to use a third-party solution to encrypt files as the option will be greyed out. If you’re on other versions like Pro and Enterprise, the encryption option will be available to you. Right click your file(s), then select Properties -> Advanced -> Encrypt contents to secure data. As for the drive itself, you’ll once again have to rely on third-party tools if you’re running Windows 10 Home. Otherwise, you can secure the drive with Bitlocker. Mac users should select the Encrypt USB stick option from the location entry, then create and verify the encryption password. Be sure to set a password hint, too. Hit Encrypt Disk to complete the process.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.