Two weeks ago, the Bank of New York Mellon Corp. admitted that two couriers hired by the company lost several unencrypted data tapes in the last few months: a box of tapes was lost in February and a single data tape was lost in April. “Combined, the two data breaches exposed sensitive information of more than 4.5 million people and 747 companies,” ComputerWorld reports.
The data on the tapes included names, Social Security numbers, images of scanned checks, and more. The Connecticut Consumer Protection Commissioner has launched an investigation, as state law requires banks to immediately notify customers when such data is lost. Almost 500,000 Connecticut residents are at risk of identity theft because of the data loss.
Bank of New York Mellon has agreed (pdf) to “provide comprehensive fraud protection” to affected consumers. This “includes two years of free credit monitoring, $25,000 worth of identity theft insurance and dedicated hotlines to assist affected consumers.”
The bank also said it was taking “additional steps to enhance existing security measures and minimize such threats in the future.” These steps include: 1) reviewing its data security policies and procedures; 2) “[r]equiring that, when technically feasible, confidential data be transferred within the Company via direct encrypted electronic transmission in order to minimize the need for data storage tapes and their transport”; 3) “[r]equiring that confidential data that needs to be written on tapes or CDs for transport be encrypted or be transported with added controls”; and 4) “augmenting” company efforts to ensure employees actually comply with security requirements.
I echo numerous security experts when I say: Encrypt your data. Don’t be like Bank of New York Mellon, which only added this minimum level of security after it lost data on 4.5 million individuals and 747 companies. Don’t be like the federal government, which has 1.2 million unencrypted laptops even though it gets an 80 percent discount on encryption software.
Encryption is a basic level of security. It is not expensive. It does not have to be complex. But it will save you a world of headaches if your laptop, USB key, CD, external hard drive, or other mobile computing equipment is lost or stolen.