Chase Data for 2.6 Million Ends up in Landfill 148
svonkie writes to mention a ComputerWorld story about some bad news from some 2.6 Million Chase credit card customers. These folks are being told that tape backups with their information were mistakenly thrown away back in July. There's apparently no need to worry about possibility of compromised personal information; the company believes the tapes were destroyed at a landfill. Just the same, "To prevent similar incidents, Chase said it is strengthening its security procedures and is conducting a review of all data storage and protection processes. Chase began notifying the affected customers about the incident yesterday and said the process is expected to take two to three weeks. The company is offering one year of free credit monitoring to people whose Social Security numbers were on the tapes."
indexes? (Score:5, Interesting)
Re: (Score:1)
doh...preview next time
Re: (Score:3, Insightful)
This wasn't offline archiving, this was backing up the live data.
All the original records still exist.
Encryption!?! (Score:5, Funny)
Is this data not encrypted!?!
Yikes! A dumpster diver's paradise!
Re: (Score:3, Informative)
Re: (Score:2)
No, it's corrupted. (Score:5, Funny)
Re: (Score:2)
Re:Encryption!?! (Score:4, Interesting)
*sigh*
The sad part is there doesn't appear to be an effective evolutionary mechanism to rid the gene pool of such undesirable traits. Maybe this guy [rleeermey.com] should be in charge of their data security, to help make sure the clueless don't contaminate the rest of the world.
company named appropriately (Score:5, Funny)
Well, they better go Chase it!
In other news, 3 mil. shot in head by corporation (Score:5, Funny)
They *believe* they were destroyed? (Score:5, Insightful)
were placed in the trash to be retrieved later
before making it to the dump?
Shiny! (Score:1, Funny)
Re: (Score:2, Informative)
Re: (Score:3, Funny)
(Sorry.)
Re: (Score:1)
Is anyone else scared (Score:2)
Makes me wonder how much crap was lost before that law and were never told about.
Black Gold? (Score:1)
Re: (Score:2)
Yes since drug addicts clearly follow the laws.....
Re: (Score:2)
Shortly before he died my father was an insulin-injecting diabetic. We gave him an olive jar to put the used needles in when he visited.
When he died, we couldn't figure out what to do with the needles. The only place I could think of where I'd seen a sharps container lately was the men's room in the airport. I had this vision of
If I were a Chase customer... (Score:2, Insightful)
Re: (Score:1)
How dare someone NOT lie!
Re: (Score:2)
That's an incentive with TEETH.
Re: (Score:2)
We'll have to nuke the planet. Just to be sure.
Re: (Score:1, Interesting)
I know we all look back and say, what were they thinging with stories like this, but really, what were they thinking? Doesn't every single person that has any involvement with any type of backup media know that it contains information that anyone with that media could read? What person in the IT department would just throw them away? That does not make any sense at all. I work in a law firm of about
Re: (Score:2)
If I were a Chase... for now. (Score:2)
Place a curse on them for this BS [i-curse.com]
Circuit City (Score:5, Informative)
Re:Circuit City (Score:4, Insightful)
I have a CC with a "MBNA America" & "MasterCard" logo on it.
I called the 1-800 number on the back... and they responded:
"Hello, this is [Some Gal] with [Company I've Never Heard Of].
Makes me wonder, if your CC gets stolen/lost & you don't have a bill handy, how do you remember what number to call and report it?
Re: (Score:2)
111-1111... Chase? Damn!
111-1112... Chase? Damn!!
Re: (Score:2)
I'm a Chase cardholder and they do the same thing. The automated system answers with simply "Thank you for calling credit card services..." no company name at all. They also use the CallerID info as part of he verification for account access. If I call from my cell phone (which is the phone number I have listed with them), I
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I know EXACTLY who my Best Buy card bank is... (Score:2)
Re: (Score:1)
Re: (Score:2)
Which is a great bit of info for me. I am a Chase cardholder, but it's a real Chase card, not a Circuit City card, so I dodged the bullet on this one.
I say... (Score:5, Funny)
Re:I say... (Score:5, Insightful)
Re:I say... (Score:5, Insightful)
Re: (Score:2, Insightful)
"Blow stuff up with nukes"....+5 Insightful
Free credit monitoring (Score:4, Insightful)
Is it just me, or is the whole "pay for" credit monitoring industry a big con?
You have to PAY to find out what information may or may not be stored about you? It may be correct; it may be erroneous: you don't find out until you've stumped up the cash (and yes, I realise that the credit companies are required to make information available in the event that you are turned down for credit... but what about those who are just curious?).
And in this instance, what happens when that year is up?
Re: (Score:3, Informative)
Re:Free credit monitoring (Score:5, Informative)
Someone got an expired credit card number of mine and did some damage on eBay, lucky only for about $200. It still took me approximately 30 hours of my time just to clear the shit up with AOL, eBay, PayPal, and the collection agency that originally contact me. I also filed a local police report, contacted the FTC, and Equifax. By law one of the major credit agencies has to provide you with a free credit report in those situations. I'm not sure if anything can be done if your information was just "lost", rather than "stolen", but you are atleast guaranteed the free credit report each year regardless.
Re: (Score:1)
Re: (Score:1)
Re: (Score:3, Insightful)
the law should require ANY company that keeps customers private information for any period to at least proactively make the customer aware, then divulge it at no expense to the customer.
its my data, they're retaining it for some purpose, usually financial gain. i should be informed, given a cut or the option to have them expunge it.
Re: (Score:2)
On the flip side, it would make mail theft a more viable means of identity theft.
Right now, when you request a credit report, you'll be looking for it. If it's sent out automatically, would you realize if it didn't show up?
Re: (Score:2)
Re: (Score:2)
Then they'd be signed up for this service (automatic renewal) at the full consumer price. Credit monitoring services usually clamor for these kinds of cases since they tend to make money on people who stay with the service or just don't notice as the service autobills them.
With the high likelyhood of some kind of "partnership" between the creditor and these monitoring services (if not outright ownership), the offending bank stands to make money either
Re: (Score:1)
Free credit monitoring is the least they should be offering. Asking the customer to buy protection against potential misuse that was caused by the company is extortion. This is no different from throwing bricks close to someone's window and telling them, 'whoops, my bad. I tell you what, since I'm such an upstanding citizen, I'll make sure your window doesn't break from flying bricks for
Re: (Score:2, Interesting)
Re: (Score:2, Insightful)
Re: (Score:3, Informative)
Re: (Score:2)
Never trust the garbageman (Score:4, Funny)
Chase is being up-front about this (Score:2, Informative)
Circuit City Customers
Chase is notifying a segment of Circuit City credit card account holders that computer tapes containing their personal information were mistakenly discarded.
Re: (Score:2)
Were they in containers of some sort that may or may not have been cracked open while near the surface of the landfill?
What kind of volume do we have at this landfill, arriving daily. Not much, it was a holiday. Quite a lot, we get 40 trucks per hour here.
Were employees of the landfill, namely garbage pickup drivers, dozer drivers, interviewed to see if they "remember" seeing some sort of container that resembles "this one" (pict
In deep shit (Score:1)
Ha... (Score:1)
What's in your wallet???
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Human error (Score:1)
Re:Human error (Score:4, Funny)
I think they missed the fine print in step 3:
Chase Inc.
Procedure manual.
Page 1.
While cleaning out the server room:
1. Place trash barrel in center of room.
2. Remove tape from backup drive.
3. Toss backup tape across room to storage rack on opposite side of room.*
4. Collect all trash and place in trash barrel.
5. Bring trash to dumpster.
* Be sure not to allow tape to land in trash barrel.
No matter the security ... (Score:1)
Re: (Score:2)
So THAT is why they were Suicidal... (Score:2, Interesting)
The guys couldn't find the tape(s) and were SURE that they had ended up in the storage locker...
Guess they couldn't find them there...
Circuit City folks... (Score:2)
obviously (Score:4, Insightful)
How in the world would they just now find out that they threw such a thing away if they weren't already conducting some kind of review like that? The truth must be that they were already conducting the review, found the prior mistake, and then used the review as a way of atoning for the mistake.
Re: (Score:2)
Or a recovery.
Standardized management of customer data (Score:1)
It looks like a great opportunity for some IT company to come along and provide some standardized service. For example, the management company would provide options on encryption, accessing/sharing policies, archiving
Re: (Score:3, Informative)
CardSystems in Tucson, who lost 40 million Visa and Mastercard account records. CardSystems is one of several companies that process transactions for banks and merchants.
http://news.com.com/Credit+card+breach+exposes+40
Their incompetence is no surprise (Score:4, Informative)
The corporate intranet webshite had a form that all employees had to agree to yearly. My section all did theirs after I did, and each time they logged in *on different machines and with different accounts* the form thought they were me.
I know I could name many more things, but it's been a couple years and I've successfully blocked out most of those memories.
Why am I first hearing about this on Slashdot? (Score:3, Interesting)
Re: (Score:2)
Translation for not corporate doublespeakers (Score:2)
Like they'd have bothered to find out for sure if it got trashed or where every item in their trash goes.
Read: we really don't know where it is but no-one seems to have used the data yet, so we're going to say some non-commital 'we beleive' bullshit to make you feel happier.
Its not hard to do this (Score:2)
Really I am shocked that it does not happen (or at least doesn't get reported) more often. All it takes is one stupid employee, or one mis-run report and hundreds of tapes can end up anywhere.
Companies in the Fortune 500, let alone finanical institutions in the Fortune 50 have hundreds of thousands of backup tapes. These tapes do eventually wear out and need to be replaced. Typically, you would destroy the tapes onsit
Re: (Score:2)
At my previous job we had two degaussing devices. One mains powered unit like a large shaver, and a simple permanent magnet. Every tape which we got rid of was treated by one or both machines. Any competent organisation would do the same.
Re: (Score:2)
You don't see Chase accidentally burying bags full of money, now, do you?
Chase (Score:1)
In a word...total bs! (Score:1)
Time to update my information? (Score:2)
So that's why they keep sending me emails to update the information on my account!
...laura
Data Disposal (Score:1)
is this really that big of a deal? (Score:2)
Re: (Score:2)
This and a letter from the VA Dept on the same day (Score:4, Interesting)
Interesting timing. Just a moment ago I opened my mailbox and found a letter from the Department of Veterans Affairs. It seems they found the stolen hard drive [consumeraffairs.com] that contained personal info on 26.5 million veterans. According to the letter, the FBI found the laptop and hard drive.
As a further backup, the VA has "obtained data breach analysis services as a means of further ensuring no misuse of this data occurs in the future."
Like Chase, the VA is "throughly examining every aspect" of their information security program. In the case of the VA snafu, an employee took the laptop home in violation of VA policy. The rash of these incidents makes me wonder how we can expect any sort of large organization to keep a lid on data spills like these, given that most people can't be bothered with basic security precautions even on their own computers. Even if the VA spends millions upon millions of dollars upgrading their security technology and processes (which of course will draw the wrath of opponents of government waste), I'm not sure it will make much difference.
Ha! Ha! I am not Bushido Hacks. I am an ID theif! (Score:1)
--Bushido Hac
I have a related story sorta (Score:2, Interesting)
Because 50 year olds got common sense? (Score:2)
There is nothing new about loosing a box of paper records vs a stack of backup tapes. Just that it just seems looking back people used to have more common sense. Simple thing really, the old paper records at the local townhall were in a FUCKING SAFE. The new computer system has internet. Can you see the difference? One gets lo
Believe It Or Not (Score:2)
They "believed" the tapes were locked-down safe before, but they weren't. Now they "believe" the tapes were destroyed. Who cares what they "believe"? Corporations can't "believe" anything.
They need to produce evidence that these tapes were destroyed, offer proactive credit monitoring until the the personal info expires, and assume liability for any misuse o
Whoa (Score:2)
SSN secret (Score:2)
I am not a US citizen, and I wonder why an SSN is secret information that has power w.r.t. credit.
We do have a similar number, but it essentially is public information. It is printed on all letters from the tax office and social security (related) offices, and soon will be used by all government and municipality related offices. It is on your passport, your driver's license, it is everywher
Re:Inconceivable! (Score:4, Funny)
Re: (Score:1, Offtopic)
Re: (Score:2)
Re:Inconceivable! (Score:4, Funny)
[duck]
Re: (Score:2, Funny)
Re: (Score:2)
New York's dump is so big that its capital is named Trenton.