Iron Mountain can't find a backup tape belonging to GE Money that contains information on customers of J.C. Penney and about 100 other retailers.

Thomas Claburn, Editor at Large, Enterprise Mobility

January 18, 2008


"How are companies really doing when it comes to records management?" That's the question data storage service provider Iron Mountain asks on its Web site.

Really, companies -- and Iron Mountain -- could do better. Iron Mountain can't find a backup tape belonging to GE Money that contains the personal information of some 650,000 customers of J.C. Penney and about 100 other retailers. GE Money handles credit card processing for the affected retailers.

The missing data includes about 150,000 social security numbers, according to an Associated Press report.

GE Money requested the backup tape from an Iron Mountain vault in October, according to a statement issued by Iron Mountain. When the tape could not be located, Iron Mountain personnel began looking for it. The tape remains unaccounted for.

"We believe this is an unfortunate case of a misplaced tape; there has been no evidence to suggest that the media was obtained by unauthorized persons or has been misused in any way," Iron Mountain said in an e-mailed statement. "We also understand the tape was created in such a manner to make unauthorized access extremely unlikely and difficult, even for experts with specialized knowledge and technology."

A spokesperson for GE Money did not immediately respond to a request for comment.

GE Money is reportedly paying for a year of credit monitoring service to help protect those whose social security numbers were on the tape from identity theft.

Iron Mountain, however, insists that identity theft isn't an issue. "An accidental loss of a back-up tape is not an identity theft issue or a crime; it is distinctly different from previous cases of malicious hacking or PC theft," the company said. "Since we notified GE Money of the missing back-up tape in October, there has been no evidence to suggest that any person's identity has been compromised as a result. And we don't know of any incident, ever, when a lost back-up tape has resulted in identity theft."

The Identity Theft Resource Center put the number of publicly reported data breaches in the United States at 446 for 2007. It identified 312 data breaches in 2006 and 158 in 2005. But not everyone believes data breaches are rising. A blogger who goes by the name "Dissent" recently published an analysis of data breach statistics that finds a decrease in data breaches and records exposed.

According to a study conducted by the Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006.

However, such statistics clearly don't apply in every case. By that measure, TJX's loss of as many as 94 million customer records in a breach reported a year ago would cost the company $18.5 billion, about 50% more than its current market capitalization. To judge by the company's stock performance over the past year, whatever brand damage occurred as a result of the breach hasn't significantly affected the company's revenue.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.
