Bank’s Tape Loss Puts Spotlight on Backup Practices

Bank of America’s admission on Friday that the company lost data tapes containing federal workers’ customer and account information will likely bring renewed attention to data security issues.

The bank confirmed that “a small number of computer data tapes were lost during shipment to a backup data center. The missing tapes contained U.S. federal government charge card program customer and account information.”

The Washington Post reported that the lost data tapes included personal information on 1.2 million federal employees, among them Sen. Patrick Leahy (D-Vt.).

Bank of America said it notified federal law enforcement officials, and added that “the investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused, and the tapes are now presumed lost. Government cardholder accounts included on the data tapes have been and will continue to be monitored by Bank of America, and government cardholders will be contacted should any unusual activity be detected. No unusual activity has been observed to date.”

On top of a recent disclosure that data warehouser ChoicePoint had compromised the personal data of 140,000 consumers, the Bank of America admission will likely bring renewed scrutiny of data security and backup processes.

“Very few people encrypt backup tapes, which means that they rely on the security of the backup and off-site rotation process,” said Jon Oltsik, senior analyst for information security at Enterprise Strategy Group. “Here’s a clear example of the risks of doing this.”

The result will likely be a jump in business for companies that encrypt data, Oltsik told Enterprise Storage Forum. “I expect that the phones will be ringing at Decru, Kasten-Chase and Neoscale on Monday,” he said.

The recent data security breaches are likely to bring renewed attention to efforts by Sen. Dianne Feinstein (D-Calif.) to craft national identity theft legislation expanding on California’s Database Breach Act, or state law SB 1386, which requires state agencies and businesses that collect personal information from California customers to promptly disclose security breaches or face severe penalties. The California law exempts encrypted data.

Feinstein reiterated her call for such national legislation last week after the ChoicePoint disclosure.

Back To Enterprise Storage Forum

Paul Shread
Paul Shread
eSecurity Editor Paul Shread has covered nearly every aspect of enterprise technology in his 20+ years in IT journalism, including an award-winning series on software-defined data centers. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds a market analyst certification.

Latest Articles

Ultimate Storage Area Network (SAN) Security Checklist

Securing storage area networks (SANs) has always been necessary, but it's even more important in the current business cybersecurity climate. SANs connect multiple storage...

Storage Software Q&A With Chris Schin of HPE

Storage software technology continues to undergo rapid shifts. As enterprises' data needs multiply, storage providers have scaled their software products, so customers can optimize...

What Is Virtual Memory? Ultimate Guide on How It Works

Virtual Memory allows a computer more memory than physically available. Learn how it works & how it differs from physical memory. Click here now.