Data Security: Bank of America says tapes with customer data lost
[FAC: I wonder what the IT guys over in BoA were saying about ChoicePoint's dilemma prior to this incident. This morning I was asked by a colleague why banks wouldn't consider sending their data over lightwaves instead of trucking magnetic tapes overland or by air freight. Good question, and one I've been asking clients since about 1988. The fact is that some do, but for reasons that don't always meet the naked eye many still don't, or only do so partially. It makes for an interesting risk analysis, considering both the countervailing threats and the economies that might be achieved by using either approach. I went to the BoA web site where I found this story reported in a slightly different manner than the article copied immediately below. See the BoA press release at the bottom of this page. Here's a snippet: "Bank of America today confirmed that a small number of computer data tapes were lost during shipment to a backup data center. The missing tapes contained U.S. federal government charge card program customer and account information." Does the bank know how to administer damage control, or what? In an age when I can store hundreds of full-length songs on my iPod, how many IDs do you think you might be able to fit on a small number of tapes?]
------
Bank of America says tapes with customer data lost
Fri, Feb. 25, 2005
siliconvalley.com
CHARLOTTE, N.C. (AP) - Bank of America Corp. has lost computer data tapes containing personal information on 1.2 million federal employees, including some members of the U.S. Senate.
The lost data includes Social Security numbers and account information that could make customers of a federal government charge card program vulnerable to identity theft.
Sen. Pat Leahy, D-Vt., is among those senators whose personal information is on the missing tapes, spokeswoman Tracy Schmaler said.
``There were some senators' Visa credit card accounts involved,' Schmaler said. ``We don't know how many, but he was one of them.'
The bank issued an apology.
``We deeply regret this unfortunate incident,' said Barbara Desoer, who is in charge of technology, service and fulfillment for the Charlotte-based bank. ``The privacy of customer information receives the highest priority at Bank of America, and we take our responsibilities for safeguarding it very seriously.'
Leahy has been a leader of calls this week for a Senate Judiciary Committee inquiry into whether more regulation of companies that buy and sell personal data is needed.
That came after the disclosure that ChoicePoint Inc., a data warehouser, had learned that as many as 140,000 consumers may have had their personal information compromised.
``I hope this latest incident at least will bring the issue closer to home so Congress will pay better attention to the rapid erosion of privacy rights that ordinary Americans are facing as more and more of their personal and financial information is collected and sold on databases that too often have too few privacy protections,' Leahy said in a statement Friday.
U.S. Sen. Charles Schumer, D-N.Y., said he was told the data backup tapes were likely stolen off of a commercial plane by baggage handlers in December.
``Whether it is identity theft, terrorism, or other theft, in this new complicated world baggage handlers should have background checks and more care should be taken for who is hired for these increasingly sensitive positions,' he said.
Bank spokeswoman Eloise Hale called the system of shipping backup tapes ``an industry practice and a routine bank practice. As a safety precaution measure, backup tapes are stored in different locations.'
She declined to give any more details about where and how the tapes are moved around the country.
The missing tapes include information on federal employees who use Bank of America ``smart pay' charge cards for travel and expenses, Hale said Friday.
She said federal law enforcement officials were notified as soon as the tapes were discovered missing.
``The investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused, and the tapes are now presumed lost,' the bank said in a news release.
--------------------------------------------------------------------------
From the Bank of America Web Site's News Releases:
Bank of America Confirms Lost Data Tapes
February 25, 2005
Reporters May Contact
Alexandra Trower, Bank of America 212.933.3382 (o), 917.971.4168 (c)
CHARLOTTE, NC -- Bank of America today confirmed that a small number of computer data tapes were lost during shipment to a backup data center. The missing tapes contained U.S. federal government charge card program customer and account information.
Federal law enforcement officials were immediately engaged when the tapes were discovered missing, and subsequently conducted a thorough investigation into the matter, working closely with Bank of America. The investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused, and the tapes are now presumed lost.
Government cardholder accounts included on the data tapes have been and will continue to be monitored by Bank of America, and government cardholders will be contacted should any unusual activity be detected. No unusual activity has been observed to date. Per standard Bank of America policy, government cardholders will not be held liable for any unauthorized use of their cards.
Law enforcement authorities have now given Bank of America permission to notify by letter any U.S. General Services Administration (GSA) SmartPay® charge cardholders whose information may have been on the tapes. U.S. GSA SmartPay® charge cardholders with questions or concerns may contact the following special toll-free number – 1.800.493.8444 – for further assistance.
“We deeply regret this unfortunate incident,” said Barbara Desoer, Global Technology, Service & Fulfillment executive for Bank of America. “The privacy of customer information receives the highest priority at Bank of America, and we take our responsibilities for safeguarding it very seriously.”
------
How's that for damage control?
FAC
frank@fttx.org |
