
June 4th, 2008

NY Bank 'loses' 4.5M unencrypted customer records

Posted by Michael Krigsman @ 7:20 am

Categories: CIO issues, IT issues, Security and privacy

Tags: Bank, Tape, BNY Mellon, Identity Theft, Financial Services, Security, Michael Krigsman


In yet another unbelievable story of data irresponsibility, the Bank of New York (BNY) Mellon lost two sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes “included shareowner and plan participant account information, such as name, mailing address, Social Security number, and transaction activity.”

Responding to the bank’s delay in reporting one incident, which took place on February 27, 2008 but was not disclosed until the end of May, Connecticut Governor Jodi Rell said:

The disastrous effects of identity theft are virtually instantaneous in today’s computerized world, and the lag time between the theft and the notification only aggravates what is an already outrageous situation.

BNY Mellon’s chief risk officer, Todd Gibbons, said the bank now plans to improve security related to backup tapes. From Computerworld:

To bolster its security controls, the bank said it will now require that any confidential data written on tapes or CDs for transport must be encrypted or transported with undisclosed additional data protections. Further, when “technically feasible,” the bank will demand that encrypted confidential data be delivered to off-site facilities electronically, noted Gibbons.

After exposing 4.5 million people to identity theft, it seems the notion of tape encryption suddenly popped into their heads. In my opinion, BNY Mellon should fire Todd Gibbons immediately for this serious breach of public trust and fiduciary responsibility. Think my perspective is too severe? Then see stories about identity theft victims, such as those described on privacyrights.org.

I continue to believe that strong legislation and strict penalties, including the threat of jail time, are the only way to solve this common problem. If HSBC, the UK’s largest bank, is willing to send out unencrypted data, then this is truly a massive issue. Industry self-policing has not worked, and it’s time the government enacted preventive regulation.

Michael Krigsman is CEO of Asuret, Inc., a software and consulting company dedicated to reducing software implementation failures.

  • Talkback
  • Most Recent of 71 Talkback(s)
Tapes could be read with $500 PC and $2K tape drive
Most likely the tapes were actually a set of cartridges in a magazine the size of a shoe box. Very easy to drop into a small backpack and walk off with.

To read them, all you need is a used sin...
Posted by: terry flores Posted on: 06/22/08