GE Money Backup Tape With 650,000 Records Missing At Iron Mountain
Iron Mountain can't find a backup tape belonging to GE Money that contains information on customers of J.C. Penney and about 100 other retailers.
"How are companies really doing when it comes to records management?" That's the question data storage service provider Iron Mountain asks on its Web site.
Really, companies -- and Iron Mountain -- could do better. Iron Mountain can't find a backup tape belonging to GE Money that contains the personal information of some 650,000 customers of J.C. Penney and about 100 other retailers. GE Money handles credit card processing for the affected retailers.
The missing data includes about 150,000 social security numbers, according to an Associated Press report.
GE Money requested the backup tape from an Iron Mountain vault in October, according to a statement issued by Iron Mountain. When the tape could not be located, Iron Mountain personnel began looking for it. The tape remains unaccounted for.
"We believe this is an unfortunate case of a misplaced tape; there has been no evidence to suggest that the media was obtained by unauthorized persons or has been misused in anyway," Iron Mountain said in an e-mailed statement. "We also understand the tape was created in such a manner to make unauthorized access extremely unlikely and difficult, even for experts with specialized knowledge and technology."
A spokesperson for GE Money did not immediately respond to a request for comment.
GE Money is reportedly paying for a year of credit monitoring service to help protect those whose social security numbers were on the tape from identity theft.
Iron Mountain, however, insists that identity theft isn't an issue. "An accidental loss of a back-up tape is not an identity theft issue or a crime; it is distinctly different from previous cases of malicious hacking or PC theft," the company said. "Since we notified GE Money of the missing back-up tape in October, there has been no evidence to suggest that any person's identity has been compromised as a result. And we don't know of any incident, ever, when a lost back-up tape has resulted in identity theft."
The Identity Theft Resource Center put the number of publicly reported data breaches in the United States at 446 for 2007. It identified 312 data breaches in 2006 and 158 in 2005. But not everyone believes data breaches are rising. A blogger who goes by the name "Dissent" recent published an analysis of data breach statistics that finds a decrease in data breaches and records exposed.
According to a study conducted by the Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006.
However, such statistics clearly don't apply in every case. By that measure, TJX's loss of as many as 94 million customer records in a breach reported a year ago would cost the company $18.5 billion, about 50% more than its current market capitalization. To judge by the company's stock performance over the past year, whatever brand damage occurred as a result of the breach hasn't significantly affected the company's revenue.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.