USB encryption vendor suffers computer breach

None of the financial information belonging to customers of Kingston Technology has been misused, according to a statement from the Fountain Valley, Calif.-based company. The affected customers purchased Kingston products online.

The US$3.7 billion company, which launched USB drives with hardware-based encryption in March 2006, specializes in memory products.

David Leong, a Kingston spokesman, told SCMagazine.com today that the compromised data was encrypted, "but that is no guarantee that it cannot be accessed."

The breach was discovered after IT workers discovered "irregularities" in the computer system, he added. A forensic security firm investigation confirmed the incident.

Kingston is notifying customers and taking "aggressive steps to minimize any potential risk to those affected and to protect their personal information," the company said.

The firm has contracted Kroll, a New-York based risk consulting company, to offer free credit monitoring.

"Kingston has always made customer privacy a priority and deeply regrets this situation, which is the first of its kind in the nearly 20-year history of the company," the company said. "We are confident in the thorough response we have taken to ensure data security and maintain the faith and trust of our customers."

Paul Proctor, a research vice president at Gartner, told SCMagazine.com that cybercriminals are not scared of by security vendors, nor do they necessarily target them.

"The outsiders that attack these guys go wherever they find a weakness," he said. "There are literally hundreds of ways of compromising computers, and nobody protects themselves from all of them."

This is at least the second time a security firm experienced a breach this year. In May, IBM, which invented magnetic tape storage and has emerged as a data encryption leader, lost an undisclosed number of backup tapes containing the personal information of employees.