Back-up data theft: a continuing danger

Over the past year there have been several cases of organizations losing back-up tapes as they were in transit to a third-party storage facility. All of the cases that have hit the headlines have one thing in common: the data on the tapes was not encrypted.

Several recent examples have highlighted the problem of back-up data theft.

Examples of companies losing tapes include Time Warner, which lost a container of back-up tapes, the contents of which included personal information on current and former employees. The tapes were being transported by an external company to its storage facilities.

Bank of America suffered a similar fate when it lost tapes containing federal workers’ customer and account information, while in transit to a back-up data center. CitiFinancial lost tapes containing the personal information of 3.9 million customers, again while in transit to a storage facility.

A more recent example occurred in December 2005, when a number of back-up tapes belonging to the timeshare unit of Marriott International disappeared from a Florida office. The information on the tapes relates to 206,000 employees, timeshare owners, and timeshare customers of Marriott Vacation Club International and includes Social Security numbers and bank and credit card details. Early indications suggest that as the tapes were not lost in transit: there could be employee involvement in the loss.

In addition to the problems caused by the loss of the data itself, there is also brand damage, which can be considerable if sensitive customer information is involved. As seen in the above examples, a significant danger for organizations is the risk of data being intercepted if it is sent outside the organization, particularly if the job of collecting the data is tasked to a third-party.

Some of the danger points include back-up tapes being delivered to the wrong customer when they are returned for retrieval, tapes being stolen from a van or truck while other tapes are being collected from another organization, and employees of the outsourcer colluding with other external parties to steal tapes.

These dangers can be alleviated by taking simple precautions. For example, all data that is to be stored off-site must be encrypted. It is virtually impossible to prevent the theft of tapes, but if the data is encrypted, the contents of the tapes will be unreadable to unauthorized persons and therefore of little value to third-parties.

Despite the above cases, organizations are still failing to encrypt back-up data that is sent to off-site storage, and while there are organizations that do not encrypt their back-up data, this type of security breach will continue to hit the headlines.

Source: OpinionWire by Butler Group (www.butlergroup.com)

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing