Saturday, January 14, 2006
Reports in December described the loss of customer data tapes from a large mortgage company and revealed that hackers had managed to infiltrate the database of a company that itself investigates computer hacking incidents. The developments were fitting ways to cap off a year that was swimming in security breaches and identity theft. I see little improvement in the ways industry protects our data.
News of the ChoicePoint breaches broke in February of last year. Then we heard about the scare with Bank of America tapes, Social Security numbers of Boeing employees, everything in between, and now the latest. It’s like nobody has learned anything.
MSNBC and others ran articles late that month piecing together the apparent loss by delivery firm DHL and subsequent retrieval by the proprietor, a mortgage company, of computer tape containing data on 2 million mortgage customers. According to accounts, Dutch-owned ABN Amro Mortgage Group Inc. later reported the retrieval of lost computer tape that had entered transit via DHL on Nov. 18, more than a month earlier.
These companies should treat this data as if it were money to be transported in an armored vehicle. Imagine if millions of dollars were transported via a run-of-the-mill delivery truck.
Companies are cutting corners. It costs money to expand the capabilities of in-house server backup. Taking chances with the transit of consumers’ data to low-tech warehouses costs industry less.
And people should be asking why the credit bureaus aren’t providing transport vehicles. Credit bureaus require the tapes but don’t seem to chip in with transportation costs.
The Washington Post then reported that hackers had compromised the database of Guidance Software, a Pasadena, Calif.–based company whose purpose, ironically, is to diagnose hacked computer systems. According to the article, Guidance’s database contained sensitive identifying information on thousands of those working in law enforcement and network security.
To Guidance’s credit, the company was prompt in notifying customers of their compromised identities. This is more than can be said for most other companies plagued by security breaches this year. Beyond the irony behind Guidance’s problems, we see just how perilous computer security really is. Everyone’s identity is on a computer, somewhere, and it seems like the information is fair game if you’re a smart enough hacker.
Industry needs to be in crisis mode, but doesn’t seem to be. Companies continue to handle our data just as they have for years despite the obvious threat exemplified by multiple high-profile breaches this year. How many second chances are we going to give them?