(By Info-Tech Analyst James Quin - Printed with permission from Processor magazine www.processor.com).
On Feb. 27, 2008, the Bank of New York Mellon shipped a tape containing the personal information of more than 4.5 million clients to an Archive America offsite storage facility. That tape never arrived. The information on the tape included (among other things) names, birthdates, and Social Security numbers—exactly the information desired by identity thieves. Even though this information was clearly of an extremely sensitive nature, encryption was not used. The loss was not reported until almost a month later, and the tape has yet to be recovered. Although Archive America lost the tape, BNY Mellon is in the news because the data was entrusted to BNY Mellon by its customers in the first place.
While this is the most serious data breach so far in 2008, it is by no means the only one. According to PrivacyRights.org, through the end of May, there have been 155 acknowledged breaches of customer data of one kind or another. Some, such as the BNY Mellon incident, involve tape loss, while others occurred as a result of laptop theft/loss, server theft, or inappropriate posting of sensitive data to public access areas. In almost all cases, the missing data has included Social Security numbers, credit/debit card numbers, or both.