Missing Iron Mountain backup tapes prompt identity theft fears for J.C. Penney customers - January 18, 2008
GE Money, the firm hired by J.C. Penney to run its credit card operations, announced Thursday that it is missing backup tapes containing the personal information of about 650,000 J.C. Penney shoppers.
The personal information includes about 150,000 Social Security numbers. GE said the tape was discovered missing last October by a worker at a warehouse run by Boston-based data-protection and storage company Iron Mountain Inc.
It is unclear if the data was encrypted. "When stolen data is encrypted, companies are quick to point it out as a way to ensure customers that their identities are safe," says security consultant Brian McCarthy of Sencilo Solutions. GE Money spokesman Richard C. Jones said the company was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.
"As is standard practice in our industry, we rarely know the nature of the information stored on the media we transport, nor the level of encryption or security our customers use," said Iron Mountain spokesman Dan O'Neill in an email exchange. "We understand the tape was created in such a manner that unauthorized access to the data is extremely unlikely and difficult, even for those with specialized knowledge and technology."
"Untrue," says McCarthy. "30-day demo backup software is available from most vendors as a free download, and the tape drives are commonplace via eBay. Iron Mountain again is trying to cover its tracks. The only true and compliant way is to encrypt the tapes using encryption appliances or upgrade to the latest LTO-4 tape drives that have built-in encryption."
It's the second time in recent months that Iron Mountain has lost customer data. In October, Iron Mountain said it lost a decade's worth of bank account data and Social Security numbers for almost all Louisiana college applicants and their parents. The company was moving the backup tapes containing the information. A driver reportedly lost a case full of backup data for every Louisiana application for federal student aid from 1998 through Sept. 13, 2007.
Greg Schulz, an industry analyst with the Stillwater, Minn.-based StorageIO Group, downplayed the J.C. Penney incident, saying that it would be too labor-intensive for a cybercriminal to steal the data off any missing tapes.
"A penny theft criminal is not going to target an individual tape," Schulz said.
If the tape was targeted, a sophisticated cybercriminal would need to know the type of tape it is and have a specific device to read the data. Once cracked, the hacker would need to determine how the data was formatted. The work would be labor and financially intensive and therefore not a viable way for a cybercriminal to make money stealing identities, he said.
"Tapes have been lost and misplaced and have never left the building and the reality is that there are probably fewer tapes being lost today than there have been in the past," Schulz said. "Whether they're putting data on a tape or CDs or removable hard drives, the chance of that data getting lost is there."
"To bolster security in the wake of many high-profile data breaches, some companies are encrypting data on backup tapes. Some firms are also using radio frequency identification and global positioning to track and maintain a handle on backup data," McCarthy of Sencilo Solutions said.
IBM has introduced encrypting tape drives, and most backup software can encrypt, but it still has to be turned on, said Eric Maiwald, an analyst at Midvale, Utah-based Burton Group. The potential for losing data because of a failed key management system must also be taken into account, Maiwald said.
"Encryption mechanisms that use appropriate algorithms with appropriate key lengths are effectively impossible to break. However, we have seen poor implementations that are breakable (such as WEP)," McCarthy said.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-area-network.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.