"Hacker hits up to 8M Credit Cards"
Probably everyone has noticed all the headlines lately about lost and stolen credit cards. "Bank loses a million customer records." "Hacker hits up to 8M credit cards." This has obviously become a hot topic for banks and other financial institutions, and I got to hear first hand how they are thinking about the issue.
The reason for these headlines is that California and New York have passed disclosure laws that require companies who lose confidential consumer data to notify the customers and the public. The laws have had their desired effect, because an issue that had been simmering in the background for years has suddenly become national news.
Some of our customers have had headlines written about them, and I can tell you that this is painful for them. I learned that one customer spent tens of millions of dollars in the cleanup required for just one lost backup tape. The cost included figuring out which of their customers' credit cards had been lost, notifying those customers, and then paying for a year's worth of credit reports to help those customers track whether anyone was using the stolen credit card numbers. One follow-up study of people who were notified that their personal information had been lost found that 20% of the people had already stopped doing business with that company and another 40% were considering it.
You can be sure that these companies are highly motivated to solve this problem. It goes beyond the money to deal with a particular lost tape; they worry about the cost to their reputation. As I said, the disclosure laws are having their desired effect.
Part of their challenge is the conflict between protecting data and keeping it secret. The best way to protect data is to make multiple copies and send them offsite. One of our customers said, "You've got to understand, I've got ten thousand backup tapes at Iron Mountain. We're not talking about a small problem here." Another customer said, "That's nothing - I've got a hundred thousand tapes at Iron Mountain." Yet another customer said, "I've got a Six Sigma quality program in place, but even if I meet my quality targets, with so many tapes, I'm still going to lose 10 or 15 tapes a year."
The bottom line was that pretty much everyone in the room had plans to encrypt their backup tapes at a minimum.
Comments