Saint Francis Federal Credit Union announced that nearly 8,400 clients could possibly be involved in a data breach when a backup tape went missing. It hasn’t been revealed whether any type of data encryption solution was used to protect the information.
Dearth of Information
In fact, not much has been made public about the breach, except for the number of people affected. Customer information was present in the backup tape, but what type of information hasn’t been revealed. No doubt, more information will filter through once the affected receive their breach notification letters.
(Or possibly not. I’ve read plenty of breach notifications where the lawyers artfully write without giving out any particular details at all.)
The bank added that the tape might have been “destroyed during a ‘trash removal process.'” I guess the implication is that the backup tape was earmarked to be thrown away? Or perhaps it was thrown away by accident, and the trash was compacted and burned?
Regardless, it means that the bank, as of yet, has no idea what happened to that tape.
Backup Tape Encryption – An Easy Way to Prevent Breaches
When it comes to data security, one of the problems companies face is finding a robust way of keeping track of information. After all, if you can’t keep track of sensitive information–where it is, who has it, etc.–there’s no way to protect it.
Actually, that last part is not entire accurate, is it? If the information on the backup tape had been encrypted, the information is protected (there’s a caveat to this which is: but only if the password is not compromised).
While a responsible firm would still try to find a way to keep track of the tape, in the event that something goes wrong, the presence of encryption would effectively nullify any threats posed by the loss of the tape.
This breach could potentially end up being a costly one for the St. Francis. As people are becoming more aware of the personal ramification to company data breaches, they’ve become even more lawsuit-happy than usual.
And while the courts have ruled time and time again that the “mere threat” of being harmed is not grounds for a lawsuit–you have to be able to prove there was real harm, financial or otherwise–it doesn’t stop people from filing them all the time.
Of course, some of these same people will not stop even if encryption software like AlertBoot is used. On the other hand, the use of such means protection from sending the breach letters in many states and serving clients with the protection they need.
It’s win-win, really.
Related Articles and Sites: