Like most people in Ireland I listened to the story of how the Irish Blood Transfusion Service (IBTS) had a laptop stolen in New York with the details of 171,000 blood donors on it, not least because, as a blood donor, there is a good chance some of my data is involved.
The IBTS has said that
The records were on a CD that was encrypted with a 256 bit encryption key. These records were transferred to a laptop and re-encrypted with an AES 256 bit encryption key. This represents one of the highest levels of security available and to our knowledge there is no record of a successful attack against this level of encryption.
Unfortunately, people who were relying on Apple’s FileVault, or Window’s Bitlocker encryption software to keep their data secure, were probably equally satisfied with that AES encryption until yesterday when a group from Princeton demonstrated how that encryption could be broken with a bit of liquid nitrogen!
The IBTS justified the fact that people’s personal information was in New York because the IBTS are updating their software and wanted to bring live data with them with which to test the new software. Why it didn’t occur to them to obfuscate the information which could identify people I really can’t understand. You can never rely on encryption alone.