Bank’s Tape Loss Puts Spotlight on Backup Practices

Enterprise Storage Forum content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Bank of America’s admission on Friday that the company lost data tapes containing federal workers’ customer and account information will likely bring renewed attention to data security issues.

The bank confirmed that “a small number of computer data tapes were lost during shipment to a backup data center. The missing tapes contained U.S. federal government charge card program customer and account information.”

The Washington Post reported that the lost data tapes included personal information on 1.2 million federal employees, among them Sen. Patrick Leahy (D-Vt.).

Bank of America said it notified federal law enforcement officials, and added that “the investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused, and the tapes are now presumed lost. Government cardholder accounts included on the data tapes have been and will continue to be monitored by Bank of America, and government cardholders will be contacted should any unusual activity be detected. No unusual activity has been observed to date.”

On top of a recent disclosure that data warehouser ChoicePoint had compromised the personal data of 140,000 consumers, the Bank of America admission will likely bring renewed scrutiny of data security and backup processes.

“Very few people encrypt backup tapes, which means that they rely on the security of the backup and off-site rotation process,” said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group. “Here’s a clear example of the risks of doing this.”

The result will likely be a jump in business for companies that encrypt data, Oltsik told Enterprise Storage Forum. “I expect that the phones will be ringing at Decru, Kasten-Chase and Neoscale on Monday,” he said.

The recent data security breaches are likely to bring renewed attention to efforts by Sen. Dianne Feinstein (D-Calif.) to craft national identity theft legislation expanding on California’s Database Breach Act, or state law SB 1386, which requires state agencies and businesses that collect personal information from California customers to promptly disclose security breaches or face severe penalties. The California law exempts encrypted data.

Feinstein reiterated her call for such national legislation last week after the ChoicePoint disclosure.

Back To Enterprise Storage Forum

Paul Shread
Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.
Get the Free Newsletter!
Subscribe to Cloud Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter!
Subscribe to Cloud Insider for top news, trends & analysis
This email address is invalid.

Latest Articles

Backup and Recovery: A Comprehensive Guide

Backup and recovery is the process of creating and storing copies of data to protect against data loss. Learn more about backup and recovery with this guide.

10 Top Data Storage Certifications

Get up-to-date on the best data storage certifications for 2023. Learn which certifications are best for data storage engineers, administrators, and managers.

6 Best Data Storage Solutions and Software for 2023

Data storage solutions organize and backup enterprise data. Explore the top data storage software and vendors now.