Bank’s Tape Loss Puts Spotlight on Backup Practices

Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Bank of America’s admission on Friday that the company lost data tapes containing federal workers’ customer and account information will likely bring renewed attention to data security issues.

The bank confirmed that “a small number of computer data tapes were lost during shipment to a backup data center. The missing tapes contained U.S. federal government charge card program customer and account information.”

The Washington Post reported that the lost data tapes included personal information on 1.2 million federal employees, among them Sen. Patrick Leahy (D-Vt.).

Bank of America said it notified federal law enforcement officials, and added that “the investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused, and the tapes are now presumed lost. Government cardholder accounts included on the data tapes have been and will continue to be monitored by Bank of America, and government cardholders will be contacted should any unusual activity be detected. No unusual activity has been observed to date.”

On top of a recent disclosure that data warehouser ChoicePoint had compromised the personal data of 140,000 consumers, the Bank of America admission will likely bring renewed scrutiny of data security and backup processes.

“Very few people encrypt backup tapes, which means that they rely on the security of the backup and off-site rotation process,” said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group. “Here’s a clear example of the risks of doing this.”

The result will likely be a jump in business for companies that encrypt data, Oltsik told Enterprise Storage Forum. “I expect that the phones will be ringing at Decru, Kasten-Chase and Neoscale on Monday,” he said.

The recent data security breaches are likely to bring renewed attention to efforts by Sen. Dianne Feinstein (D-Calif.) to craft national identity theft legislation expanding on California’s Database Breach Act, or state law SB 1386, which requires state agencies and businesses that collect personal information from California customers to promptly disclose security breaches or face severe penalties. The California law exempts encrypted data.

Feinstein reiterated her call for such national legislation last week after the ChoicePoint disclosure.

Back To Enterprise Storage Forum

Paul Shread
Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends, and analysis.

Latest Articles

15 Software Defined Storage Best Practices

Software Defined Storage (SDS) enables the use of commodity storage hardware. Learn 15 best practices for SDS implementation.

What is Fibre Channel over Ethernet (FCoE)?

Fibre Channel Over Ethernet (FCoE) is the encapsulation and transmission of Fibre Channel (FC) frames over enhanced Ethernet networks, combining the advantages of Ethernet...

9 Types of Computer Memory Defined (With Use Cases)

Computer memory is a term for all of the types of data storage technology that a computer may use. Learn more about the X types of computer memory.