Significant Data Loss Events Reported in the Last Month
After a relatively quiet period of record loss disclosures, several significant losses have been reported over the last couple of weeks. In Japan, Resona Bank reported that they lost records on more than 950,000 bank clients, in an incident affecting 27 branches - including one located in the Diet building (where the Japanese House of Representatives is located).
Similar to many previous data losses, the bank claims that it has not received any reports of loss or illegal data use, even though the data included names, account numbers and transaction details
A slightly different report of a data loss, this time involving industrial espionage / data theft has affected Boeing, where an employee stole more than 300,000 pages of sensitive documents from the aerospace giant over more than two years, gradually leaking them to the media. With the documents pertaining to sensitive company operations, Boeing estimates that the information could be worth between $5 and $15 billion USD if sold or given to their competitors.
When the employee was arrested at the end of June, he was caught in the act of transferring more sensitive documents at the time of his arrest. Boeing may need to re-evaluate its data storage and management procedures after admitting that the files taken by the employee were not password protected or encrypted prior to him taking them.
The other simmering industrial espionage case at the moment is in Formula 1, where the McLaren and Ferrari teams are investigating how sensitive Ferrari technical data ended up in the possession of McLaren technical staff. Senior staff from both teams are under investigation over the transfer.
Elsewhere, further embarrassing details have been disclosed about the most recent loss of data from the US Veterans Affairs Department. According to an article at GovernmentExecutive.com, an IT specialist intentionally misled investigators in an effort to hide the true extent of the data breach. In that particular instance, more than a million people were affected. As with the earlier larger loss of data from Veterans Affairs, the most recent loss involved the loss of an external hard drive - though in this case it was from a VA facility, not an employee's home.
Even though the IT specialist reported the data missing, he went to the odd effort of encrypting and deleting content from his system after having reported the incident, and then denied having done so when questioned about it. It is expected that "appropriate Administrative action" will be taken against the employee.
Finally, it some of the credit card details stolen in the TJX (45 million records) and Polo Ralph Lauren data breaches have surfaced in Florida, where half a dozen people have been arrested for running an organised credit card fraud ring. Unfortunately for those who had their credit cards used for malicious purposes, more than $75 million USD had been charged to the cards before the arrests. At the time of the arrests, more than 200,000 account numbers were found in the possession of the suspects, with most being traced back to the TJX and Polo Ralph Lauren breaches.
14 July 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.