Topics:

Bank's lost data controversy

Tools

One of the oldest data breach mishaps is unfortunately still a potential problem at many companies.

People tend to chuckle when they hear about companies who inadvertently lose data by sending back up tapes to the wrong location and then misplacing it. In some cases, people responsible for transporting the tapes to a secure site have chucked them in trash dumpsters. It's sort of funny as long as it doesn't happen to your company.

The issue has cropped up again in the wake of TD Ameritrade's announcement that two backup tapes containing the personal information of customers (possibly including social security numbers and other sensitive of data) were misplaced in late March while in transit to one the bank's locations. The bank did not specify to where the tapes were being shipped, nor did the banks indicate whether the data was encrypted, which is decent sign that it was not. The bank has no indication that the information has fallen into the hands of criminals, though it continues to monitor activity in affected accounts.

The breach is not going over well in Massachusetts, where the state has opened an investigation. Customers in a host of other states were also affected, including California, Florida, Maine, Connecticut, Maryland, New Hampshire and Rhode Island. In the wake of breaches, several companies have faced controversy over the time it took to notify customers and law enforcement authorities. That issue has cropped up again.

BankInfoSecurity notes the views of one expert who says that, "The best practice is to contact AGs [attorneys general] in the affected states right away. If they learned of the breach in March, then they've obviously not met the timing requirements...of most states' breach-notification laws."

The bank could justify the late notification, the expert said, "if law enforcement told bank officials that notifying the public too soon could jeopardize an investigation."

The bank could be in for some litigation over this, one the main reasons that data breaches end up being so costly.

For more:
- here's the article

 

Filed Under