Bank of NY Loses Tapes With 4.5 Million Clients' Data
Lucas123 brings news that Bank of New York Mellon Corp. has admitted they lost a box of unencrypted data storage tapes. The tapes contained personal information for over 4.5 million people. From Computerworld:
"The bank informed the Connecticut State Attorney General's Office that the tapes ... were lost in transport by off-site storage firm Archive America on Feb. 27. The missing backup tapes include names, birth dates, Social Security numbers, and other information from customers of BNY Mellon and the People's United Bank in Bridgeport, Conn., according to a statement by Connecticut Attorney General Richard Blumenthal."
Re:Stupid (Score:5, Insightful)
This is (just) showing up the way business is done everywhere - on the cheap.
On the surface, all companies go to the trouble to look good - glossy ads, well appointed offices, important landmark locations, etc. But often, just like in a restaurant, out the back it's all dim lighting, rusty hinges, paint peeling off walls etc.
Now I'm not saying all companies, but companies of a certain culture. The rest of this comment was going to be total flamebait so I'll leave it there.
Re:So when is the bank declaring bankruptcy (Score:5, Insightful)
It wouldn't work. The Fed and possibly Congress themselves would bail the bank's ass out to "protect our financial stability" or some other nonsense.
When you're a big corporate entity in America, you don't have to worry about such trivial things that would put the little guy without the Government connections out of business.
Re:Amazing how rarely this happened until recently (Score:4, Insightful)
It wasn't till recently that millions of people's records were held on digital/analog media. Most things were still carried out via paper and pen, which made the loss of millions of people's data require dump trucks.
It wasn't till around 2001 or so that things really became "online". And these things are only going to happen more and more frequently now, because as much scare as there may be when this stuff hits the news, it doesn't override people's inherent laziness "oh a few clicks? fuckin A"...
Most people with a lot to lose (millions/billions of dollars) still do not do transactions via digital media, certainly not in an outgoing direction. Until they are hit, this probably won't change no matter how frequently it happens.
Re:So when is the bank declaring bankruptcy (Score:5, Insightful)
That's nice for it. The question is how liquid are those assets and how much cash can it actually get its hands on at short notice. As banks in Britain have noticed, assets just ain't worth what they were.
Re:Digital leakage is getting to be more like (Score:5, Insightful)
FTFA:
"he [Blumenthal] said that he is pressing the bank to explain how some backup tapes disappeared while others on the same van arrived intact at the Archive America facility."
It's not a situation where it all got sent to the wrong place, or trashed accidentally; it was (what I would consider) obvious and intentional theft.
However, that doesn't mean that it was intended to be sold as a "bundle" on the Black Market; it could just as easily have been some disgruntled worker with no real "plan" other than to fuck with the company, or even just get one individual's information from the 4.5 million (although I would likewise assume the former, Black market).
Re:I am one of the people affected (Score:5, Insightful)
TFA has a lot of information which wasn't given to customers in the letter. The tapes were unencrypted? I can believe that. I kind of assumed it, which is a sad state of affairs. There were names, DOBs and SSNs on the tapes? That I can believe, and assumed, but like I posted above, it wasn't made known via the notice that was sent out.
But how the hell can this guy say "that none of the unencrypted data has been accessed or used?" That's impossible for them to know. The tapes are out of their physical control - the people in possession of them now could have skimmed all those records off already, and just haven't used them yet.
The article doesn't mention the $25K of "insurance" that we get by signing up with the free credit monitoring. Except I'm an NY resident, and by NY state law they can't offer such insurance to me. WTF?
So here I sit, having managed to go 30 years with a lone incident of a "guessed" CC number as my only brush with identity theft, and now I'm left to be looking over my shoulder for the next several years thanks to this.
Re:So when is the bank declaring bankruptcy (Score:5, Insightful)
It's not just a matter of asset liquidity, but also of quality and mark-to-market value. Right now the issue is of toxic mortgage securities that may be on the books at face value but in reality are worth who knows what. Thanks to the repeal of the Glass-Steagall Act, there's nothing stopping commercial banks like Bank of NY from making the same stupid decisions as investment banks like Bear Stearns, and who wants to bet that the commercial banks know the markets any better than the investment banks (I'd have assumed the opposite).
Re:Digital leakage is getting to be more like (Score:5, Insightful)
Let's say that one out of 100 accounts gets pilfered lightly - say $100 is mysteriously transferred. That's $4.5 million. Let's say that another 1 out of 100 has their info used to produce fake IDs, and those IDs are sold to illegal immigrants/terrorists/underage college kids/whomever for $500 each. That's $22.5 million.
So, close to $27 million if you only abuse 2% of the victims.
What absolutely blows my mind is that if a bank transfers $4.5 million, they use multiple armed guards driving an armored truck. When they transfer 4.5 million customers' worth of data (worth presumably more than $1 each), they use
$4.5 million of the bank's money goes missing in an armored car heist, it makes national news immediately, and stays on for weeks. 4.5 million people have their information stolen, and the bank says
Those backups weren't worth a damn? (Score:2, Insightful)
---
If that is truly the case, then those tapes wouldn't have been worth a damn for restoration if there had been a disaster.
Re:So when is the bank declaring bankruptcy (Score:3, Insightful)
So if you go in and attempt to withdraw your money on deposit, and they pay you with an asset (other than cash on hand), they'd have to somehow give you a note - an IOU, where someone owes the bank money. That doesn't work too well.
If you don't think bank runs exist today, you need to just look back 2 months ago, to the Bear Stearns failure. [wsj.com]
Re:Stupid (Score:3, Insightful)
On the other hand, this situation may have been the result of a failure of imagination. If for instance, mailing these tapes became standard policy even though these tapes were never intended to have left the original facility and thus the records on the tape were never encrypted, this would have been a serious breach of the original security policy. The customer data should have been encrypted in every case, regardless of the storage medium used.
Strangely enough, I think that some of the problems that are faced in industrial worker safety are similar to those in computer security and that one might find a few useful concepts in a safety review of a BP refinery fire here:
http://www.bp.com/liveassets/bp_internet/globalbp/globalbp_uk_english/SP/STAGING/local_assets/assets/pdfs/Baker_panel_report.pdf [bp.com]
I think that the concepts of process safety, which involves the safety in the design of the system are important. Also the concept of open communication between employees and management with no retaliation for mentioning a legitimate potential safety issue is also important.
Re:So when is the bank declaring bankruptcy (Score:3, Insightful)
Of the 4.5 million people, only about 450k will notice it at all. And I think I'm taking an optimistic guess here.
Of those 450k, only 450 have the money and the guts to actually sue a bank.
And then some federal bullshitmaker (senator, congressman, I'm not firm in those things concerning the US) steps in and proposes a bill that whitewashes them retroactively (to "protect the economy" or some other BS) which passes unanimously because it's tacked to something like flags for orphans, leaving 450 people without money on top of their privacy loss.