Although IBM is part of an industry alliance that advises businesses to encrypt their customer data, the company is in the awkward position of looking for data on its own employees that was not cloaked. The tech giant is blaming a third-party vendor for losing data tapes that contain the personal information of former employees. […]
Although IBM is part of an industry alliance that advises businesses to encrypt their customer data, the company is in the awkward position of looking for data on its own employees that was not cloaked.
The tech giant is blaming a third-party vendor for losing data tapes that contain the personal information of former employees.
The lost data includes dates of birth, Social Security numbers, addresses, lengths of employment and other private information, said IBM spokesman Fred McNeese. He would not say how many tapes were lost or how many former employees were affected.
A third-party vendor lost the data on Feb. 23, McNeese said, when IBM hired it to transport the tapes from IBM’s corporate headquarters to permanent storage. McNeese refused to disclose the name of that third-party vendor, but confirmed that IBM’s relationship with the company continues.
He said IBM is currently planning measures to prevent this type of data loss again. He refused to disclose the specifics of those plans, but they likely fall in line with recommendations from the Cyber Security Industry Alliance (CSIA), an organization to which IBM belongs, according to a CSIA spokeswoman.
In a section on CSIA’s Web site titled, “What is a ‘data breach’ and how does it occur?” the site reads, “Data breaches occur in a variety of ways.” One of the most common ways, according to the site, is when “tapes containing data backups or transfers disappear in transit.”
CSIA suggests encrypting the data so it cannot be easily read if it falls into the wrong hands.
IBM, in fact, has been offering data tape encryption since last fall.
“Encryption scrambles data in a way that makes it unreadable except by individuals with proper keys and credentials, and thus useless to thieves and unauthorized individuals,” the CSIA site reads.
CSIA recommends that federal laws be passed to require companies to encrypt personal data.
McNeese said that IBM did not encrypt all of the data stored on the missing tapes, despite its listing as a “principal” member of the CSIA, adding that there are no indications that anyone has accessed the personal data.
To ensure that the former employees whose data was stored on the tapes do not become victims of identity theft, IBM hired data-security firm Kroll to monitor the former employees’ credit for the next year. It was an ex-employee who received letters from Kroll who tipped the Associated Press, which first reported the story.
McNeese said IBM told the effected ex-employees about the lost data because “it was the right thing to do.”
Article courtesy of InternetNews.com
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
