California officials holding breath over lost data cartridges
| Topic : Data Loss Prevention, Security and Compliance
Data security breaches can result from complex software attacks or sophisticated phishing efforts, but a recent exposure of identities in a California database came from a simpler source - misplacing a stack of data storage devices.
In a stroke of irony, data managers with the California Department of Child Support Services were running a disaster preparedness exercise in March when they misplaced four computer storage devices, according to The Washington Post.
The units contained the names, Social Security numbers and other private records of about 800,000 adults and children, posing a danger of fraud, identity theft and threat to their credit scores.
Security contractors were trying to prove the department's computer systems could be run remotely during a disaster. The test worked, but when workers attempted to mail the backup disks back from Boulder, Colorado, to Sacramento, California, the overnight box fell apart and several cartridges slipped out, said spokeswoman Christine Lally of the California Office of Technology Services.
Other information lost included the families’ addresses, driver’s license numbers, and the names of employers and health insurance providers.
Fortunately, the missing cartridges are designed to be run on specialized machines using proprietary software, so they would be unintelligible to a typical computer user with a laptop, Lally told the news source.
Still, lessons from the incident include the need for eternal vigilance in data protection. Every business needs a combination of robust data loss prevention policies, using both security software and personnel training, experts say.
After ensuring the organization has top-level anti-virus, email security and spam detection packages, leaders must ensure that workers keep track of their hardware.
Since 2005 alone, companies have committed 837 breaches affecting almost 169 million records through lost or stolen laptops and smartphones, according to records from the Privacy Rights Clearinghouse.
