The Japanese credit card company Mitsubishi UFJ Nicos has announced that they have lost the information of 197,000 customers. However, they believe that the loss won’t pose a problem because the “data were stored in a film that requires a special reading device to use,” according to japantimes.co.jp. It sounds like no other form of data protection was used, such as encryption software, for example.
Film has worked, and still works, as one of the most popular methods of backing up data. Another name for film is, of course, tape–cassette tapes, video tapes, backup tapes, and other magnetized film surfaces. If you’re not yet 20, there’s a good chance you’ve never seen one of these.
Could it possibly be that this data that was lost, stored in a film that requires a special reading device, is actually a backup tape of some sort? It sounds like it.
If so, the credit card company is being slightly devious, I think (and I really do mean “I think.” It could very well be that the Japanese equivalent for “backup tape” is “film that requires a special reading device,” and has been transcribed as such in the original article. For example, the other day I learned that the Japanese word for “food” is tabemono, literally “thing to eat.”)
As such, it’s hard to claim that the data is safe. I mean, the only thing preventing one from accessing the data–again, assuming some type of tape encryption technology was not used–is the fact that one does not have the necessary equipment for reading the contents of the tape.
However, such equipment–a.k.a., a tape drive–is available for purchase. It costs a bit more than, say, a DVD drive, but less than a fully-decked out computer, so it’s not out of reach for most people.
Using Encryption To Prevent A Data Breach
The use of file encryption software from AlertBoot would present a more formidable obstacle to accessing the contents of this “film,” as opposed to the perceived lack of access to specialized equipment.
With the latter, the only real obstacle is money (and not much of it, all things considered), whereas the use of encryption would require that the correct password or that the encryption key be guessed.
Related Articles and Sites: