J.C. Penny appointed the firm GE Money to run its credit card operations. But Thursday, an announcement regarding the lost of a backup tape that held personal details of almost 650,000 shoppers, seemed to reveal a J.C. Penny identity theft.
According to GE the tape has been missing since last October and it contains 150,000 Social Security numbers. A worker at a warehouse run by Iron Mountain Inc noticed the absence.
If the data was encrypted, the company would have assured the customers that their identities are safe. Richard C. Jones, GE Money spokesman, declared that, for customers whose Social Security numbers were on the tape, the company gave money 12 months of credit-monitoring service.
Iron Mountain spokesman, Dan O'Neill asserted that they almost never know the details about the information on the media they transport or if they are encrypted or not. As good news, on this specific tape, an unauthorized person is less possible to have easy access.
A similar incident, involving Iron Mountain, took place some few months ago. Bank account data and Social Security numbers for almost all Louisiana college applicants and their parents was lost for the period of 1998 since 2007.
An industry analyst with the Stillwater Minn.-based StorageIO Group, Greg Schulz, stated that is unlikely that a cybercriminal would steal data from any missing tapes. It involves hard working and spending money. More likely, the tapes are just lost or misplaced.
Some companies encrypt data on backup tapes, in order to encourage security. Others are working with radio frequency identification and global positioning.
Eric Maiwald, a specialist at Midvale, Utah-based Burton Group, explained that, although IBM has brought in encrypting tape drives and most back up software, it still needs to the switched off. However, data can be lost because of an unsuccessful key management system.
He also declared that encryption mechanisms using algorithms with appropriate key lengths are unbreakable, but poor implementations are.
|
