Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Database

    Lets Demand Names in Data Fumbles

    By
    Lisa Vaas
    -
    October 4, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Lets Demand Names in

      Data Fumbles”> Connecticut recently announced it will sue Accenture for negligence after a backup tape with confidential information of Connecticut residents and agencies was stolen from a car belonging to an intern working for the CIO of Ohio.

      Sound like a disconnected trail?

      Specifically, Attorney General Richard Blumenthal said in a Sept. 19 press release that his office is suing the IT consultancy and outsourcer due to “illegal negligence, unauthorized use of state property and breach of contract”—not because the tape was stolen, given that it was out of Accentures hands, but because the Connecticut information had been moved without permission from a Connecticut computer and transferred to an Ohio computer and thus wound up on an Ohio backup tape. The tape was stolen from the interns car back in June, with the result being the loss and potential exposure of 58 state taxpayers and hundreds of purchasing cards and state bank accounts worth millions of dollars.

      Accenture has admitted that its employee or employees didnt follow the companys privacy and security policies. Quite simply, the firm didnt have Connecticuts permission to share the information, but nonetheless allowed it to be copied onto the Ohio tape.

      Thats well and good—Accenture is singing its mea culpa, as it should. The firm is also promising to persist in “impress[ing] on [employees] the importance of following our policies.” Why bludgeoning employees over the head with security policies they apparently ignore will work post-breach when it didnt pre-breach is a mystery to me, but who knows, perhaps Accenture will succeed in working out more effective mind control than the many companies whose employees run around with laptops dangling out of car trunks.

      Click here to read more about the TJX data breach.

      And kudos to Connecticut, as well. This is how these endless data breach stories should work but so often do not: A vendor screws up, leading to a security breach that exposes sensitive information. Then somebody somewhere down the line demands to know why it happened, whos responsible, and what they intend to do about ameliorating security procedures and/or lack of adherence to those policies. Then—and heres the piece thats usually missing—they go so far as to publicly out the irresponsible party and even press charges. And thus justice is served, we all know which companies cant even follow their own security policies, we avoid them like the plague and slowly we rise from the muck and evolve to a more secure world, at least in theory.

      Its easy to compare last weeks data breach at the Gap unfavorably with this Connecticut story. On Sept. 28, the clothing retailer announced that a laptop with the personal information of some 800,000 job applicants had been stolen from the offices of a third-party vendor that Gap declined to identify.

      A colleague, Executive Editor Michael Hickins, demanded accountability in a recent blog posting, asking why the Gap is protecting the vendor by refusing, thus far, to identify it. “If customers wont hold their vendors feet to the fire for such activity, when will this kind of breach ever cease?” he asked.

      That unnamed vendor should indeed be taken to task. The Gap is now in the process of contacting an enormous number of people in the United States and Canada whose information may have been compromised, and its providing credit reporting services to those affected for up to a year, at what surely must be a significant cost—particularly galling, given that the vendor broke the terms of an agreement that the information that wound up stolen be encrypted.

      Page 2: Lets Demand Names in Data Fumbles

      Lets Demand Names in

      Data Fumbles”>

      Of course, we cant expect immediate accountability and retribution. The Gap only disclosed this breach last week, after all, and its now got its hands full just notifying the affected job applicants, investigating what happened and taking steps to ensure it doesnt happen again. Those are all top priorities.

      But when the dust settles, I fervently hope for a few things: First, I hope the Gap publicly discloses the vendor responsible for the shoddy handling of sensitive data that led to this unnecessary debacle. Not that public shaming is a guaranteed punishment or disincentive to further bungling, mind you. As RSnake—aka hacker Robert Hansen—noted in a posting Oct. 3, theres “no evidence whatsoever” that TJX, for example, suffered following its own massive data breach. “If you look at the TJMaxx 1 year stock chart not only did they recover from the huge security breach in Feb, but theyre actually up!” he wrote. “Clearly, the consumers and the investment community has decided to overlook their issues. Strange.”

      Perhaps consumers are willing to overlook TJXs security glitches. They dont think twice when handing over a credit card in a store thats inadvertently allowed their information to be handed over to thieves, evidently. But its another matter entirely when youre talking about an organization entrusting its sensitive information to a third party. Public shaming at the corporate level will carry much more weight when it comes down to sitting over the conference room table to talk about a vendors track record with security breaches.

      So yes, public outing in the case of the Gaps vendor is one hope. Another hope is that the chain of culpability in the Ohio case reaches far and wide enough. After all, it was acceptable at some level, officially or not, that the Ohio CIOs office was sending a backup tape home with a different person—read, interns—every night.

      Emerging Chaos blogger Adam had some great takeaways on this: First, build your projects with new data, instead of reusing templates that can have leftover data still clinging to them, such as what apparently happened with Connecticut data left over in a template for an Ohio project. Second, Outsourcers “are likely to cut corners in ways they dont think youll catch,” he wrote. Third, supervise interns.

      And as far as overall response to data breaches goes, Id say a good takeaway is lets hold everybody responsible, reaching as far along the chain of culpability as possible.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×