Lost Backup Data Highlights Information Security Risks


By Greg McNevin

September 8, 2008: The Connecticut Attorney General in the U.S. has slammed the Bank of New York Mellon for losing the personal information of an additional 135,000 customers – far more than originally reported for the state – highlighting the risks and consequences of unencrypted backups.

Despite a wealth of high-profile incidents and increasingly hefty laws and fines being levied on careless corporations, barely a week goes by when personal information is not lost, and more often than not data security on the missing tapes, drives or notebooks is extremely weak.

In the case of the Bank of New York Mellon, 500,000 CT residents were reported to have had their details exposed during a data breach in February this year when unencrypted backup tapes were stolen from a van en route to a storage facility.

However, CT Attorney General Richard Blumenthal has announced that the personal information of 135,000 more Connecticut residents than originally reported was exposed, bringing the state total to 650,000 so far out of an increasing nation-wide total of 12 million customers.

Blumenthal is now demanding additional information and has indicated that sanctions, including fines and penalties, could be imposed on the bank.

The bank is notifying all affected consumers by mail. Anyone wishing to know immediately whether their data was lost or seeking additional information should call Mellon at 877-289-0136. Consumers will be asked to provide their Social Security numbers.

“I have demanded prompt, proactive steps to safeguard consumers - after an inexcusably long delay in identifying and informing Connecticut citizens,” said Blumenthal.

“I am continuing our investigation and seeking all appropriate relief and sanctions for the bank's grossly inept and incomplete response to this huge data breach. We are working with other states on possible remedies, including fines and penalties.

“Mellon's delay in notifying is inexcusable and inexplicable. More than 130,000 state residents are learning only now - nearly seven months after the fact - that their most sensitive personal data may have been stolen, exposing them to the nightmare of identity theft.”

Like the ongoing HMRC saga in England, this incident highlights the importance of proper security when dealing with sensitive personal information, and just how necessary encryption is for mobile data.
