Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bank Of America Loses 1.2 Million Customer Records

Posted by Zonk on from the great-week-for-customer-service dept.

Christopher Reimer writes "C|Net is reporting that Bank of America lost 1.2 million customer records when some backup tapes went missing while being shipped to a backup center. The lost records mainly effect U.S. government employees involved in the SmartPay program. From the article: 'The acknowledgment comes as several other cases of businesses losing consumer information have come to light.'"

11 of 299 comments (clear)

  1. Well... by JavaMoose · · Score: 5, Insightful
    This is really getting out of hand. For every case like this we hear about, I wonder if there are a few that get swept under the rug?

    Now, I generally frown on lawsuits, but this is one type of case where it works. The people on these lists need to start filing class action lawsuits against these companies. Large corporations only feel something when they lose money, maybe it would send the message that you will be held accountable if you do not take security seriously.

    As we all know, nothing is as valuable as our information.

    1. Re:Well... by reallocate · · Score: 5, Insightful

      This is really getting out of hand. For every case like this we hear about, I wonder if there are a few that get swept under the rug?

      You're hearing about this because of the flap about CheckPoint, and you heard about CheckPoint because of the current flap about identity theft.

      If not for those circumstances, these stories would very likely have been reported in the business press, but otherwise below the general public's radar.

      So, you have no reason to assume that the first appearance of an event on TV or in Slashdot means it never happened before.

      BofA ought, of course, be held responsible for their behavior. I don't know if these cardholders can sue, since the card's were issued to them in conjunction with their federal employment. And, unless they are able to document loss as a result of the loss, I'm not sure what grounds they'd have for a suit.

      That said, BofA just dug itself a big hole for the next contract recompete. Their accountablity may come in the form of losing that recompete. (Don't imagine, though, that a contract of that size will be given to some local mom-and-pop bank.)

      --
      -- Slashdot: When Public Access TV Says "No"
    2. Re:Well... by TopShelf · · Score: 3, Insightful

      Remember also that you heard about Checkpoint because California law requires that companies inform customers whose data has been comprimised. If this had happened just about anywhere else, it could easily have been swept under the rug.

      --
      Stop by my site where I write about ERP systems & more
  2. Encryption? by lachlan76 · · Score: 4, Insightful

    But aren't the backups encrypted? Right?

    1. Re:Encryption? by EvilTwinSkippy · · Score: 3, Insightful

      Yeah, and backups are also barcoded and hand-tranported by courier to and offsite storage/security vault.

      --
      "Learning is not compulsory... neither is survival."
      --Dr.W.Edwards Deming
  3. This has been coming for a _long_ time... by ites · · Score: 5, Insightful

    When businesses started collecting huge amounts of detailed via through the web in the mid 1990's, it was clear where we were heading:

    1. unlimited storage capacity meant complex and detailed records could be kept on every person.

    2. guaranteed incompetence meant these records would be abused, lost, exposed and manipulated.

    I don't see either of these trends changing.

    Applies to both commercial and governmental databases. Chaos, mess, confusion, abuse, on a huge and ever-increasing scale.

    Welcome to the 21st century. You can opt out by unchecking the "Connect to the Internet" box about 10 years ago...

    --
    Sig for sale or rent. One previous user. Inquire within.
  4. Spooky Business by handy_vandal · · Score: 3, Insightful
    According to Time.com ...
    The U.S. official said a large percentage of the accounts are for the Pentagon but that some 40 federal agencies and other entities are affected. Some of the tapes related to non-federal card-holders, the official added. Trower would not comment on which agencies are affected, referring questions to the General Services Administration. A GSA spokesperson had no immediate response to an inquiry about the matter, including whether any of the Pentagon's billions of dollars in secret "black" programs could be affected. Pentagon spokesman Bryan Whitman said the data loss includes files on 900,000 of the Pentagon's three million or so military and civilian workers. "It is a significant number of the Department's employees," he said, declining to say whether it affected any who are working undercover.
    Source
    Spooky business. One wonders ... were these records stolen by domestic agents? Foreign agents? Freelancers?

    -kgj
    --
    -kgj
  5. at odds by underworld · · Score: 4, Insightful

    These two statements seem to be at odds with each other:

    "We deeply regret this unfortunate incident," Barbara Desoer, who is in charge of technology, service and fulfillment for the Charlotte-based bank, said in a statement. "The privacy of customer information receives the highest priority at Bank of America, and we take our responsibilities for safeguarding it very seriously."

    Sen. Charles Schumer, a New York Democrat, told Reuters that he had been informed by the Senate Rules Committee that the data tapes were likely stolen off a commercial plane by baggage handlers.

    So - they are so concerned about maintaining the security of their data that they gave it (in a very non-descript way mind you) to a group of people outside of their organization who have a history of struggling with integrity.

    yippee...

  6. Annoying by FreeLinux · · Score: 4, Insightful

    I doubt that you meant it that way but, your post has rubbed me the wrong way. Your's is just the latest in a long running series of similar posts where the blame for a situation is redirected at the victim.

    The tapes were believed to be stolen by airport bagage handlers during shipment to BoA's offsite facility, likely another datacenter. It's still under investigation so the news agencies are not yet able to accurately report exactly what happened.

    By all accounts BoA has made reasonable effort to protect its data, its tapes and its customers. BoA, and by proxy its customers, are the victim of theft. The blame lies squarely on the shoulders of the thieves and no where else.

    In ANY incident, there will always be something more that could have been done to prevent the incident from happening. But, it becomes a question or reasonable care. Was reasonable care taken? It certainly seems as if it was in this case.

    Let's put the blame where it belongs. Don't redirect the blame to the victims.

  7. Re:Well.. by ScrewMaster · · Score: 3, Insightful

    Yes, and they would most certainly take steps to protect themselves. What that would do for the rest of us is anyone's guess.

    --
    The higher the technology, the sharper that two-edged sword.
  8. Re:most aggravating thing by YrWrstNtmr · · Score: 3, Insightful
    These records were stolen during transfer on a *commercial airliner*. Why the hell would you put something that important on something you have no control over?
    Sure, the senators are outraged that this happened. But they should be even more outraged that BoA chose to use a method so cheap to transfer critical data.

    Quite a lot of 'critical data' and other items is moved on commercial airlines every day. Backup data such as this, organ transplants, diplomatic pouches, etc.

    The airline is merely a subcontrator of BoA, charged with moving the stuff from A to B. An organization cannot handle everything inhouse. Quite a lot of functions are subcontracted out. The only more secure way would be for BoA to own and operate their own fleet of transport aircraft, with their own baggage handlers, and the data moved from the data center to the airport by their own security personnel, in their own armored trucks.

    Same for a hospital. If they have to send your records somewhere, should the have to do it on their own aircraft?