Sunday, 29 July 2012

Three Famous Data Thefts and How to Avoid Them

With the ever increasing risk of data loss and theft, it has become important for businesses and corporations to manage their data in line with strict measures and procedures. In recent years, large corporations and government bodies have faced hefty fines because of their own failings. With strict data protection legislation being enforced, as well as the risk of losing customer support, many have turned to third party companies to look after their data storage or destruction needs.

Improper Destruction of Data

In June 2012, Brighton and Sussex NHS Trust were ordered to pay a £325,000 fine when it was revealed that computer hard drives containing the sensitive information of thousands of patients had been stolen. The data included staff details, national insurance numbers, home addresses, hospital IDs and even information relating to criminal convictions. The theft occurred when an IT worker was instructed to destroy over 1,000 hard drives at Brighton Hospital. Rather than destroy them properly, several of the hard drives were auctioned on eBay, eventually being purchased by a data recovery company. The hospital was unable to explain how the individual removed at least 250 hard drives from supposedly secure rooms without supervision and without being given access.
To avoid such grievous errors, as well the heavy fines that come along with stringent data protection legislation, companies must comply with confidential data destruction in a safe and secure manner. Third parties exist which offer a 'data shredding' service customised to companies' individual needs. All documents, whether they be hard drives, DVDs, CDs or paper, are securely transported to a shredding facility and destroyed. There is no chance of recovery, and it is less hassle for the business.

Insecure Transit of Personal Records

In 2007, the personal records of 25 million people were lost in the post. The data included sensitive information such as dates of birth, addresses, bank accounts and national insurance numbers. The two discs had been sent without insurance or recorded delivery by a government employee. Because of this, there was no way for investigators to determine precisely where the package was misplaced or stolen. This critical data protection breach potentially allowed for mass identity fraud. The worth of the unencrypted data to cyber-criminals was estimated to be at least £1.5 billion.
To avoid breaches of security protocol, third party companies can be used to ensure the method of transfer always results in a secure delivery with no data loss along the way. By maintaining a chain of custody for all data transfer, as well as GPS tracked vehicles, the whereabouts of the data can be determined at any given time. These third party companies can ensure quick and orderly transit with minimal data loss and theft.

Sony's PlayStation Network (PSN) Data Loss

In the summer of 2011, users of Sony's PlayStation Network were put at risk when the company admitted that hackers had broken into their system and accessed the unencrypted personal information of up to 77 million people. The data included user's names, addresses, date of births, e-mail addresses and PSN usernames and passwords. A small group of user's credit card information was also said to have been compromised.

The cost of the network downtime while Sony fixed the breach was an estimated $171 million. Sony also faced a $1.5 billion lawsuit and had to answer tough questions from the US House of Representatives and government agencies from across the world. Sony faced criticism over poor safeguarding of sensitive data and acting too late to fix the problem.

Third party data companies offer a variety of methods for countering data loss. Offsite storage facilities can cater to large corporations and offer secure data protection, storage, backup and recovery. The facilities have dedicated staff who are trained and prepared for a variety of security needs, whether it be secure transport, storage or destruction of any digital or physical information.

Nathan Morgan has been a IT professional for 14 years. He is now dedicated to online marketing, focused on search engine optimisation and social media marketing.

No comments: