Computerworld - The loss of unencrypted storage media from an Iron Mountain Inc. vehicle last month renewed calls for IT managers to better protect data stored off site.
The Louisiana Office of Student Financial Assistance (LOFSA) said the unencrypted data lost from the vehicle of its contractor on Sept. 19 included the names, birth dates and Social Security numbers of thousands of state residents.
The state agency, based in Port Allen, La., administers several state scholarship programs as well as the state’s 529 College Savings Plan.
Sue Boutte, assistant executive director and chief operating officer of the agency, this week declined to say whether the unencrypted data was stored on tape or disk drives. However, she conceded, “If you trust your data to a courier, then obviously something like this can happen.”
According to Boutte, the incident occurred while the agency was working on a plan to encrypt all backup data stored off site.
“LOFSA was in the process of developing our disaster and recovery plan, but [the loss] occurred before we could get it in place and establish it as a standard plan,” she said.
In a statement, Boston-based Iron Mountain blamed the loss of the device on “a driver [who] did not follow established company procedures when loading the container onto his vehicle.” The statement also noted that the company “encourages” its customers to encrypt backup data.
In a recent interview, Iron Mountain CEO Richard Reese said his firm is working hard to eliminate human error by its employees. For example, the company announced this summer that it is retrofitting its fleet of trucks with a new self-designed security and tracking system.
A similar incident two years ago prompted TD Ameritrade Inc. to encrypt all of its backup data, said a spokesman for the Omaha, Neb.-based financial services firm.
The backup tapes, later recovered, fell off a conveyor belt and became lost in a shipping facility of an undisclosed contractor. Those tapes contained personal data on 200,000 Ameritrade clients.
At the time we re-evaluated our [backup] processes and procedures, and from that point forward, we encrypted [all data] and have taken that extra level of protection,” the spokesman said.
Brian Babineau, an analyst at Milford, Mass.-based Enterprise Strategy Group Inc., said that IT managers who don’t encrypt data are “not doing their jobs. Organizations need to understand that encryption is a necessity and not a luxury anymore.
“This would be the equivalent of not locking your luggage when you travel overseas or leaving your wallet exposed in your back pocket,” he added.
Read more about Applications in Computerworld's Applications Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
