HDTV/3D TV News
A theft incident involving the data of 3.3 million people in the US has ended well, with 650 CDs and floppy disks containing data on current plus former student loan customers of a US credit insurer ending up being recovered, says Credant Technologies.
According to Sean Glynn, product manager with the data security specialist, police recovered the media within 48 hours, after a safe containing the disks was stolen from the Minnesota headquarters of the Education Credit Management Corp. (ECMC).
“The company concerned has ended up offering a year of free credit monitoring to 3.3 million people, which is an expensive exercise in itself, but the situation could have been a lot worse,” he said.
“According to reports from ECMC, the media contained the borrowers’ names, addresses, birth dates and Social Security numbers, and was stored in two large safes.
Police say they located the opened safes – and the disks, still in their original packaging, were found in the trash nearby,” he added.
Glynn says that the credit insurance firm has had to write to all 3.3 million people offering them credit monitoring with Experian, but the incident shows that storing unencrypted data – even in a supposedly secure fireproof safe – cannot protect against the unexpected.
In this case, he explained, the unexpected involved a set of thieves using heavy lifting equipment to take the two safes off-site, where they were illegally opened.
More than anything, however, the Credant product manager says that the incident – although it ended reasonably well for the company concerned – has still cost it a substantial amount of money and damaged its credibility.
“What the company should have done is to encrypt the data before storing it on the media.
“In fact, all the firm’s customer data should be encrypted, including when back-ups are made using external media, so the records are still protected,” he said.
“The firm concerned claims there is no real risk of the data being compromised, but the reputational and financial damage has now been done. This could all have been avoided with a little endpoint and removable media encryption,” he added.
Comments (0)
