Bank of America Loses Backup Tapes Containing Customers' Personal Data

Last week, Bank of America disclosed that it lost backup tapes containing the personally identifiable financial information and credit card data of 1.2 million customers, including possibly that of all 100 U.S. senators and hundreds of thousands of other government employees. The Bank of America disclosure adds fuel to a growing uproar among privacy rights experts and government regulators who fear that Americans are increasingly threatened by identity theft and other privacy violations due to sloppy or inadequate data privacy and data security practices.

"The Bank of America and ChoicePoint incidents represent only the tip of the iceberg of what has become a global identity theft epidemic," said Jim Stickly, chief technology officer for TraceSecurity and an internationally recognized security expert. "Most Americans don't realize how poorly their private financial information is protected. Their information is stored on computer hard disks and tapes by the numerous trustees of this data -- including banks, brokerages, insurance companies, credit card companies, mortgage companies and credit rating agencies.

"Unfortunately, most of these trustees implement archaic data privacy practices that haven't kept pace with rapid technological changes. For example, most corporate data is stored on hard disks or tape drives in clear plain text, unencrypted, which means that the data is easily accessed by unauthorized persons. The data is especially vulnerable to social engineering exploits, which is when a criminal gains unauthorized access to data via subterfuge, such as gaining access to a tape backup room by posing as a janitor, fire marshal or an air conditioning technician.," Stickly said.