Too big to fail
For the UPS hatahs...
UPS loses package containing data tapes with personal and financial data on almost 4M people
http://www.usatoday.com/tech/news/computersecurity/infotheft/2005-06-06-citifinancial-lost-data_x.htm
I've always wondered how they 'lose' packages. I've been to a UPS transfer facility, where they move packages from the big trucks to the little trucks, and while it's possible for packages to fall off conveyer belts, it didn't seem obvious where they could 'hide' from that point. Is the stuff falling off the trucks? Random thefts? Getting run over by a forklift and then sent to the dumpster?
__________________
"You go to the track with the Porsche you have, not the Porsche you wish you had." '03 E46 M3 '57 356A Various VWs
Registered
Yeah, I think it's a combo of theft and destruction all under the banner of "lost". It would be nice to see "loss" percentage stats for each carrier.
__________________
Warren & Ron, may you rest in Peace.
B58/732
Join Date: Feb 2000
Location: Hot as Hell, AZ
Posts: 12,313
I guess you can pin this on UPS to some degree, but frankly I would hold CitiGroup 100% responsible as well.
There needs to be a law against such cavalier handling of personal information. Yet another way the government lets Corporate America screw the blind voting public.
__________________
ΜΟΛΩΝ ΛΑΒΕ I don't always talk to vegetarians--but when I do, it's with a mouthful of bacon.
Certified Pre-Owned
Join Date: Aug 2002
Location: Nanny State
Posts: 3,132
What's really annoying is that the information on the tapes was not encrypted or password protected (from what I read). That is maddening. Granted it probably wouldn't stop a knowledgeable IT person from retrieving the personal info off the tape, it probably would stop 99% of the people who tried to access it and help Citibank cover their arse. How moronic...
This happened about 2 months ago with Ameritrade as well. It's like just shipping a few hundred thousand greenbacks through the mail...
__________________
'84 Carrera Coupe
Cars & Coffee Killer
Join Date: Sep 2004
Location: State of Failure
Posts: 32,246
Tapes should be shipped via a secure service (like an armored car) to a secure location (like a vault) for storage.
__________________
Some Porsches long ago...then a wankle... 5 liters of VVT fury now -Chris "There is freedom in risk, just as there is oppression in security."
Registered
Join Date: Mar 2003
Posts: 10,322
There is a poster on Fark whose husband works with the data transfers mentioned. He's been pushing to have it sent in electronic form and encrypted. His boss(es) keep shooting it down, since "only terrorists encrypt data like that".
There should be a law where the corporations are responsible for data security and liable for when it is broken.
__________________
“IN MY EXPERIENCE, SUSAN, WITHIN THEIR HEADS TOO MANY HUMANS SPEND A LOT OF TIME IN THE MIDDLE OF WARS THAT HAPPENED CENTURIES AGO.”
Cars & Coffee Killer
Join Date: Sep 2004
Location: State of Failure
Posts: 32,246
I agree.
The data precautions I see taken by my employer make shipping tapes via UPS seem like gross negligence.
__________________
Some Porsches long ago...then a wankle... 5 liters of VVT fury now -Chris "There is freedom in risk, just as there is oppression in security."
Registered
Any manager that shoots down encrypting PII (Personally Identifiable Information) for the reason stated above should be fired.
The cost for securing data is sometimes very high. That's why many executives have such a cavalier attitude. But look at the alternatives. You'd think something this obvious would be handled properly. Most responsible corps use a storage facility that transports in a secure manner. For example we use Iron Mountain for offsite storage. Regarding laws and industry standards: Visa and other card companies have banded together and instituted security guidelines that CC processors or merchants must follow... it's called Payment Card Industry or PCI (formerly CISP) and the fines and resultant costs are potentially very high. Your level of compliance is determined by the volume of CC transactions one handles. California also has a law that requires any breach to be reported to all potential "victims". The laws and industry self governance are coming...just very slowly.
__________________
Warren & Ron, may you rest in Peace.
Registered
Liability is the key - if you don't encrypt then you're 100% liable.
Working in the data security business myself these days, if you for example lose a laptop and it wasn't encrypted and the data loss is significant - you're liable because you didn't make even reasonable attempts to protect the data. Encryption is easy to do and hard to break - especially on-the-fly encrypted file transfers - easy as freakin pie man...no excuses - ROI is instant good PR. You're fired. End of story.
__________________
-The Mikester I heart Boobies
Registered
Join Date: Jun 2005
Location: I am here...Zinzinnati, Ohio
Posts: 26
To be fair to UPS it's possible the label came off & the item(s) are sitting in a warehouse waiting to be claimed; then again the belts that move the boxes to & fro generate tremendous force & would crush anything in its path if a blockage occurred. Tape should have been encrypted imo.
Registered
Quote:
Good point. That's why they ask shippers to put a copy of the "Ship to" and "from" info inside the package as well. I suspect most don't.
__________________
Warren & Ron, may you rest in Peace.