Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chase Data for 2.6 Million Ends up in Landfill

Posted by ryuzaki0 on from the that's-something-of-an-oops dept.

svonkie writes to mention a ComputerWorld story about some bad news from some 2.6 Million Chase credit card customers. These folks are being told that tape backups with their information were mistakenly thrown away back in July. There's apparently no need to worry about possibility of compromised personal information; the company believes the tapes were destroyed at a landfill. Just the same, "To prevent similar incidents, Chase said it is strengthening its security procedures and is conducting a review of all data storage and protection processes. Chase began notifying the affected customers about the incident yesterday and said the process is expected to take two to three weeks. The company is offering one year of free credit monitoring to people whose Social Security numbers were on the tapes."

23 of 148 comments (clear)

  1. indexes? by Loconut1389 · · Score: 5, Interesting

    if they think the tapes were destroyed, how do they know exactly which card numbers were on the tapes? I mean they may know the bulk, but not all, right? or would they? If they got rid of the tapes, would the still have the indexes?

    1. Re:indexes? by LiquidCoooled · · Score: 3, Insightful

      Forget indexes, they were backup tapes not originals.
      This wasn't offline archiving, this was backing up the live data.

      All the original records still exist.

      --
      liqbase :: faster than paper
  2. Encryption!?! by dgatwood · · Score: 4, Funny

    Is this data not encrypted!?!

    Yikes! A dumpster diver's paradise!

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

    1. Re:Encryption!?! by MECC · · Score: 3, Interesting

      I was working on a project with equifax, one of the companies that keeps a repository of consumer credit data. We were setting up a VPN to their internal network. I offered to give them my public key so they could encrypt some configuration data. They promptly sent it all in the clear, keys and everything.

      *sigh*

      The sad part is there doesn't appear to be an effective evolutionary mechanism to rid the gene pool of such undesirable traits. Maybe this guy should be in charge of their data security, to help make sure the clueless don't contaminate the rest of the world.

      --
      "We are all geniuses when we dream"
      - E.M. Cioran
  3. company named appropriately by User+956 · · Score: 4, Funny

    These folks are being told that tape backups with their information were mistakenly thrown away back in July.

    Well, they better go Chase it!

    --
    The theory of relativity doesn't work right in Arkansas.
  4. In other news, 3 mil. shot in head by corporation by spun · · Score: 5, Funny

    Company spokesman says, "Ooops. Our bad. Please, Mr. Government, whatever you do to punish us, don't give us lots of money. We hate that." Government officials are trying to determine how much money to punish them with.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  5. They *believe* they were destroyed? by SpaceLifeForm · · Score: 4, Insightful

    Gee, what if this was an inside job, and they
    were placed in the trash to be retrieved later
    before making it to the dump?

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
  6. Circuit City by phatvw · · Score: 5, Informative

    The article summary posted above fails to mention that these were Circuit City credit customers. That is a very important bit of info as many retail credit card holders often have no idea who the issuing bank is.

    1. Re:Circuit City by TubeSteak · · Score: 3, Insightful
      That is a very important bit of info as many retail credit card holders often have no idea who the issuing bank is.
      True dat.

      I have a CC with a "MBNA America" & "MasterCard" logo on it.

      I called the 1-800 number on the back... and they responded:
      "Hello, this is [Some Gal] with [Company I've Never Heard Of].

      Makes me wonder, if your CC gets stolen/lost & you don't have a bill handy, how do you remember what number to call and report it?
      --
      [Fuck Beta]
      o0t!
  7. I say... by camperdave · · Score: 5, Funny

    I say they nuke the site from orbit. It's the only way to be sure.

    --
    When our name is on the back of your car, we're behind you all the way!
    1. Re:I say... by rolfwind · · Score: 5, Insightful

      The landfill or Chase?

    2. Re:I say... by quanticle · · Score: 5, Insightful

      Both. Its the only way to be sure.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
  8. Free credit monitoring by earthlingpink · · Score: 4, Insightful
    One year of free credit monitoring?

    Is it just me, or is the whole "pay for" credit monitoring industry a big con?

    You have to PAY to find out what information may or may not be stored about you? It may be correct; it may be erroneous: you don't find out until you've stumped up the cash (and yes, I realise that the credit companies are required to make information available in the event that you are turned down for credit... but what about those who are just curious?).

    And in this instance, what happens when that year is up?

    1. Re:Free credit monitoring by VanillaBabies · · Score: 3, Informative

      As i recall you're allowed 1 free credit report a year every year anyway. Wasn't there a piece of legislation passed that said that?

    2. Re:Free credit monitoring by Anonymous Coward · · Score: 5, Informative

      The FTC website gives good explanation of how you can get a free credit report. You can get one per year for free (as parent mentioned), but you can also get them in other situations, such as if you are the victim of identity theft, or if you are unemployed, etc.. They lay out a few examples of how you can get one in the linked document.

      Someone got an expired credit card number of mine and did some damage on eBay, lucky only for about $200. It still took me approximately 30 hours of my time just to clear the shit up with AOL, eBay, PayPal, and the collection agency that originally contact me. I also filed a local police report, contacted the FTC, and Equifax. By law one of the major credit agencies has to provide you with a free credit report in those situations. I'm not sure if anything can be done if your information was just "lost", rather than "stolen", but you are atleast guaranteed the free credit report each year regardless.

  9. Never trust the garbageman by davidwr · · Score: 4, Funny

    Now we know where this guy funds his science projects and student loans.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  10. obviously by swelke · · Score: 3, Insightful

    To prevent similar incidents, Chase said it is strengthening its security procedures and is conducting a review of all data storage and protection processes.

    How in the world would they just now find out that they threw such a thing away if they weren't already conducting some kind of review like that? The truth must be that they were already conducting the review, found the prior mistake, and then used the review as a way of atoning for the mistake.

    --
    Have you ever wondered How to Take Over
  11. Re:Inconceivable! by rtjohn · · Score: 4, Funny

    Inconceivable! You keep using that word. I do not think it means what you think it means

  12. Their incompetence is no surprise by Anonymous Coward · · Score: 4, Informative

    I used to work at a Chase subsidiary, and no amount of IT incompetence from them surprises me. Frankly I'm shocked we were never sued into the ground with the idiotic things they did; for example, sending out tax forms for RV loans late, resulting in customers losing tax refund money; also (it was a "loan servicer") we'd call people 3x or more/day after they'd already spoken to us.

    The corporate intranet webshite had a form that all employees had to agree to yearly. My section all did theirs after I did, and each time they logged in *on different machines and with different accounts* the form thought they were me.

    I know I could name many more things, but it's been a couple years and I've successfully blocked out most of those memories.

  13. No, it's corrupted. by skids · · Score: 4, Funny

    I know this for a fact, because of all the spam I keep getting telling me to fix the particulars of a Chase bank account which I have never had in the first place. Obviously there are bit errors in the data :-)

    --
    Someone had to do it.
  14. Re:Human error by mypalmike · · Score: 3, Funny

    > So what it came down to is someone not doing the proper procedure.

    I think they missed the fine print in step 3:

    Chase Inc.
    Procedure manual.
    Page 1.

    While cleaning out the server room:

    1. Place trash barrel in center of room.
    2. Remove tape from backup drive.
    3. Toss backup tape across room to storage rack on opposite side of room.*
    4. Collect all trash and place in trash barrel.
    5. Bring trash to dumpster.

    * Be sure not to allow tape to land in trash barrel.

    --
    There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
  15. This and a letter from the VA Dept on the same day by Infonaut · · Score: 3, Interesting

    Interesting timing. Just a moment ago I opened my mailbox and found a letter from the Department of Veterans Affairs. It seems they found the stolen hard drive that contained personal info on 26.5 million veterans. According to the letter, the FBI found the laptop and hard drive.

    "Based on the results of forensic tests, the Federal Bureau of Investigation (FBI) has told us that they are highly confident the sensitive data were not accessed."

    As a further backup, the VA has "obtained data breach analysis services as a means of further ensuring no misuse of this data occurs in the future."

    Like Chase, the VA is "throughly examining every aspect" of their information security program. In the case of the VA snafu, an employee took the laptop home in violation of VA policy. The rash of these incidents makes me wonder how we can expect any sort of large organization to keep a lid on data spills like these, given that most people can't be bothered with basic security precautions even on their own computers. Even if the VA spends millions upon millions of dollars upgrading their security technology and processes (which of course will draw the wrath of opponents of government waste), I'm not sure it will make much difference.

    --
    Read the EFF's Fair Use FAQ
  16. Re:Inconceivable! by dman123 · · Score: 3, Funny

    As you wish.

    [duck]

    --

    --
    dman123 forever!
    Filtering out the -1s and 0s since 1999.