Slashdot Mirror


Unencrypted Lost Tape Affects 230 Retailers

Lucas123 tells us that a backup tape lost by Iron Mountain reportedly contains credit card information from 650,000 customers. The unencrypted tape also holds Social Security numbers for 150,000 customers. Quoting the Computerworld Article: "Although J.C. Penney was the only company that Jones would confirm as affected by the missing tape, that retailer accounts for just a small percentage of all accounts that were compromised. In total, 230 retailers are affected by the breach. 'Clearly that number includes many of the national retail organizations,' he said."

7 of 75 comments

  1. Unencrypted? by Doug52392 · Score: 2, Insightful

    If companies want to store customers' credit card numbers and social security numbers for years on their systems, could they at least use common sense? The backup tape should have at least been encrypted, and should have been behind lock and key.

  2. Keyword: Unencrypted by cyberjock1980 · Score: 2, Insightful

    So what's so hard about implementing encryption? Seriously. It's easy to implement and use and it can put MANY minds at ease knowing that recovery of the data is virtually impossible. I still think the UK is on the right track with the law punishing the company owners when something goes awry and they lose their tapes. Chairman would suddenly take note of yet another way they could get fired, and I'm sure they'd take steps to keep their job.

  3. Social Security? by IBBoard · Score: 5, Insightful

    Okay, so I'm British and don't know how the American system works (only visited once) but social security numbers? What were people buying such that they were customers on this tape and had their SS# recorded? As close as we get is our National Insurance number (for benefits and pension contributions) and I've never known of anyone other than an employer who needs to know it.

    1. Re:Social Security? by hey! · Score: 3, Insightful

      Because you've got functioning privacy laws that require risks to personal data be addressed in advance. In the US, we wait until a situation becomes so intolerable that people are boiling pitch and collecting feathers, at which point the narrowest possible ad hoc law is drafted by lobbyists and rubber stamped by Congress.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.

  4. Re:Broken system by Anonymous Coward · Score: 1, Insightful

    how long until someone realizes the current system is broken?

    Everyone knows it's broken, and the credit companies are knowing it all the way to the bank. After all, Equifax gets its cash whether it's you or someone else getting a loan. Visa gets its cash whether it's you or someone else using your credit card, and they probably even keep the 1% on top of the charge (if not charging the merchant even more) when someone reverses their charge. Capitalism at its finest.

  5. Re:Broken system by elronxenu · Score: 3, Insightful

    You tell someone on the phone your password. That person now knows your password. You forget to change it afterward, and that person now gets _different_ credit in your name.

    I think any system in which you, the user, have to hand over your secrets to some third party to authenticate yourself, is just going to suffer from the same kind of problems. This is just like payment by credit card. You hand over the secret number to restaurants and shops whenever you use the card.

    You really need to be able to authenticate yourself without handing over any secrets, i.e. by using some kind of protocol where you prove that you _have_ a secret (such as a CC# or SSN) without any requirement to reveal what it is.
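
Added example, not part of the thread: one protocol of the kind comment 5 asks for is Schnorr identification, where the verifier (here, a merchant) stores only a public key and each login uses a fresh challenge. The group parameters are toy values constructed for this sketch, and every function name is an assumption of the example.

```python
import secrets

# Toy Schnorr group, constructed for this example: P = 2*Q + 1 with P and Q
# both prime, and G = 4 generating the subgroup of order Q. Far too small for
# real use; a deployment would use a standardized group or elliptic curve.
P, Q, G = 2039, 1019, 4

def keygen():
    """Customer side: the secret x never leaves the customer's device."""
    x = secrets.randbelow(Q - 1) + 1          # secret in 1..Q-1
    return x, pow(G, x, P)                    # (secret, public key y = G^x)

def commit():
    """Prover step 1: pick a fresh nonce k and send t = G^k."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)

def challenge():
    """Verifier step 2: send a random non-zero challenge c."""
    return secrets.randbelow(Q - 1) + 1

def respond(x, k, c):
    """Prover step 3: s = k + c*x mod Q. The one-time nonce k masks x."""
    return (k + c * x) % Q

def verify(y, t, c, s):
    """Verifier step 4: accept iff G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_login(prover_secret, registered_y):
    """One full exchange; returns (accepted, transcript the verifier saw)."""
    k, t = commit()
    c = challenge()
    s = respond(prover_secret, k, c)
    return verify(registered_y, t, c, s), (t, c, s)

if __name__ == "__main__":
    x, y = keygen()
    ok, transcript = run_login(x, y)
    print("merchant stores only y =", y, "accepted:", ok)
    wrong = x % (Q - 1) + 1                   # a different secret in 1..Q-1
    print("impostor accepted:", run_login(wrong, y)[0])
```

A recorded transcript `(t, c, s)` does not verify against a different challenge, so a database or tape holding `y` and past transcripts does not let its finder log in as the customer.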

  6. Think ID theft is bad now.... by Initi · Score: 1, Insightful

    Wait until the US Feds cram RealID down our throats. Roosevelt was warned of the dangers of a single national ID number, which he and his supporters dismissed. It only took 65-70 years for technology to catch up to this particular nightmare.