People's Bank of Connecticut, 90,000 SSNs, UPS & TransUnion
A computer tape from a Connecticut bank containing personal data on 90,000 customers was lost in transit recently, the bank reported today.
People’s Bank, based in Bridgeport, Connecticut, is sending letters to the affected customers, it said in a statement. The tape contains information such as names, addresses, Social Security numbers and checking account numbers. It was bound for the TransUnion LLC credit reporting bureau, based in Woodlyn, Penn., via United Parcel Service of America Inc. (UPS), the bank said.
From “Bank tape lost with data on 90,000 customers,” [link to http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,107661,00.html?source=x221 no longer works] via Canadian Privacy Law blog. Maybe someone should make the credit agencies liable for accepting unencrypted tapes?
Can’t be read w/out a mainframe?
Just buy this tape drive [http://tinyurl.com/b5b7h] and then:
hax0r@solaris%~ dd if=/dev/rmt/0 conv=ibm
At this point, I don’t think I want to know the format of these records, but I’m fearful I could find out by learning about everybody’s favorite legacy technology, EDI. Especially the transaction sets pertaining to credit reports and mortgage applications.
Is it *really* cheaper to do this via UPS compared to, oh I don’t know, XML over an encrypted link?
I expect they’ll be looking at using encryption pretty quicly. A similar incident happened to ABN AMRO last month (See: The Canadian Privacy Law Blog: Incident: Tape containing records of 2 million mortgagors lost). Luckily, the tape was found by DHL but the bank announced that it would switch to an encrypted link to transmit the info (See: The Canadian Privacy Law Blog: Handle your incident well and good publicity may follow).