P2018-ND-139

he Organization is a sole practitioner psychologist. On June 29, 2018, a password protected laptop computer was stolen from a vehicle outside his home. The laptop was protected by a password but the hard drive was not encrypted. The laptop contained a desktop Dropbox application on which various electronic client files were stored, some of which were protected using Microsoft Word?s ?encrypt with password? feature. Some files were PDF documents and were not further encrypted or password protected. The Organization reported that Dropbox requires a password to access the online version of the application. The version of the Dropbox application on the laptop, however, was a downloaded version that did not require an additional password to access the files and folders once access to the hard drive was obtained. The Organization cannot be certain that any of the MS Word or PDF files were actually available within the Dropbox application that had been downloaded to the laptop; the Organization is only surmising this from knowledge that the downloaded version of the application sometimes automatically syncs with the Dropbox account when a computer is connected to the internet. The breach was discovered on June 29, 2018. The laptop has not been recovered.

File Type: pdf
File Size: 339 KB
Categories: 2018