Shostack + Friends Blog Archive


The butler did it

There’s a feeling you get when you watch a formulaic movie. After seeing a half-hour’s worth, you just know how it will end. You can see the decision points characters reach, and you know they’ll make the bad choice. Indeed, the very predictability of such films is what allows hilarious parodies such as Airplane! or Scary Movie to succeed.
Anyhoo, I got that same “I know how this is going to end!” feeling when I read the following (via Dataloss):

Matrix Bancorp Inc. disclosed late Friday that it was investigating the
theft of two personal computers from the bank’s downtown branch on Friday,
July 28, one of which contained personal account information on an
undisclosed number of customers.
The bank said in a news release that thieves apparently entered offices in
the company’s headquarters tower at 17th and California streets in Denver
between 1:30 and 2:30 p.m., and removed the laptop computers while
staffers were away from their desks. One computer contains what the bank
called “certain proprietary information regarding Matrix Capital Bank and
some of its customers … ”

Denver Business Journal
But guess what? The folks at the bank proved me wrong, and threw in a plot twist:

The data, the bank said, is fully encrypted and password-protected

The article goes on to say that despite the use of encryption, the bank is still notifying potentially-impacted customers, and is supplying credit-monitoring and fraud detection services via Equifax.