By Tom Espiner, 4 May 2006 08:45
NEWS
Data protection and storage company Iron Mountain has admitted losing back-up tapes for two of its customers.
Tapes containing the private information of employees of the Long Island Rail Road company (Lirr) were lost during "a routine delivery" in early April, said Iron Mountain.
Other tapes belonging to a different company were also lost but did not contain sensitive data, the storage company said. The name of the client was not disclosed.
Investigations by Iron Mountain in collaboration with the New York Police Department (NYPD) and the Metropolitan Transportation Authority (MTA) found the loss was probably an accident, although foul play was initially suspected.
Iron Mountain said: "While the case was opened as a potential burglary, the collaborative investigation between the NYPD, the MTA police and Iron Mountain's own security organisation has found no information to suggest the back-up tapes were misappropriated in any way."
Current, past, and retired employees of Lirr have been notified that their personal data has been lost, in accordance with New York State law.
The data protection company denied personal information could be misused as a result and said it was "unlikely" to lead to identity theft.
It said: "There is no evidence to suggest the information on the back-up tapes has been accessed by unauthorised persons. It is unlikely that someone interested in stealing identities would ever target back-up tapes because the information would be too difficult to access and read; it would require highly specialised expertise, specific software and sophisticated technology equipment."
This is not the first time Iron Mountain has lost sensitive customer information. Last July the company mislaid a container of back-up tapes from several banks containing the account details of banking customers.
Those tapes belonged to a Texas-based ISP that hosted a software application used by the banks, and were lost while being transported from a data processing company to storage.
In March last year Iron Mountain lost computer tapes containing the personal information of about 600,000 current and former Time Warner employees.
Tom Espiner writes for ZDNet UK
Comments
There are 2 comments. Join the discussion
1. Thinking SAFE
Why do people still use tapes ?
Secure backups to disk onsite, then replicate to an offsite backup appliance stored in a secure datacentre. All the data is encrypted, only you have access to the AES encryption keys so no one can steal your data. Use a managed service if you wish to outsource a non-core IT function or buy the software and hardware and deploy across your own sites. It's the way forward.
2. Simon
I spot PR spin !
>> It is unlikely that someone interested in stealing identities would ever target back-up tapes because the information would be too difficult to access and read
Err, it only needs the right tape drive and possibly certain readily available software
>> it would require highly specialised expertise
You mean like the sort of basic stuff that criminals already have.
>> specific software
Possibly only the standard stuff that comes on most basic OS installs. You don't need the original database/application to extract the - depending on the storage methods used it might be as simple as extracting specific character ranges from certain files.
>> and sophisticated technology equipment
Err, like a PC !
So in contrast to what the PR spin says, it just needs readily available hardware and software to read the data. It might take a little work to figure out which files to look in, but probably nothing too onerous.
Extracting data from backups when the original application isn't available is something I've done several times in the past.