14th June 2005, Northampton, UK - Millions of people are at risk of identity theft because of the common business practice of making backup copies of data to magnetic tape, according to experts at British encryption company DISUK. If the ‘wrong’ backup tape is lost or stolen, sufficient personal data to clone thousands of identities could fall into criminal hands.
Well-publicised thefts of information from company databases or websites have persuaded the vast majority of businesses to use techniques such as firewalls to prevent intrusion by hackers. Such losses are now usually attributable to human error having made such a theft possible.
However, almost every company makes secondary, offline – “backup” - copies of its data, in case the primary copy is lost or becomes corrupted for any reason. All data is backed up at some point in its life, including passwords, addresses, dates of birth, places of birth and mother’s maiden names.
The potential for theft exists because the most popular medium for storing these backup copies is magnetic tape. The problem is that magnetic tapes, being physical objects, can be lost or stolen1. Worse, the data stored on magnetic tapes is usually not encrypted2 – making it easily readable by a moderately skilled third party.
Worse still, most of the information necessary to clone identities - such as address and date of birth – changes either rarely, or never. Even an old tape could contain information that would enable a criminal to borrow money or apply for credit cards in the names of many victims3.
Hamish Macarthur, CEO and founder of Macarthur Stroud International said: “It is the responsibility of each company to protect and secure its information systems. If information becomes public, whether it be intentional or through carelessness, it is not just the company and its shareholders which suffer from that loss. It may also impact a wider circle from employees whose livelihoods are adversely impacted to customers or suppliers who are exposed to potential fraud.”
Corporate identity theft is also possible: information could enable a criminal fraudulently to obtain goods or services by posing as a company. In 2004, this type of fraud cost UK businesses more than £50m.
The potential for information theft is exacerbated by the removal of tapes from a company’s main premises, and is especially acute among smaller companies. Some companies use specialist suppliers to transport and guard their tapes in a completely different location to the primary data copy. This ensures that, in the event of disaster, the backup tapes are not destroyed along with the primary data.
But, especially in smaller companies that have limited resources or feel that they only have a small amount of vulnerable data, it’s very common for backup tapes simply to be taken home by the IT administrator. These backup tapes are clearly vulnerable to accidental loss or to theft from private cars or homes.
The good news is that this particular window of opportunity for identity thieves is about to begin to close. British encryption specialist DISUK today announced a low-cost, ‘tape-encryption-in-a-box’ backup solution aimed squarely at smaller companies. SafeTape™ requires no technical expertise whatsoever, but enables companies to create safely encrypted backup tapes of all data. Should any tape be lost, its contents will be unreadable without the encryption ‘key’ known only to authorised company personnel.
Paul Howard, managing director of DISUK, said: “For many reasons there are more copies of data floating around than ever before, and a great deal of it is on vulnerable magnetic tape. Just one of these – the ‘wrong one’ – falling into the wrong hands undetected could easily result in literally tens of thousands of identity thefts all occurring at once. SafeTape is low-cost and simple and means that there’s no excuse for companies now. It’s time for business to eliminate this weak spot in their security arrangements before someone successfully takes advantage.”
The encryption – or not – of magnetic tapes has significant legal ramifications. The UK’s Data Protection Act (1998) requires that: ‘You must safeguard your own or anyone else’s data, by appropriate precautions against loss, corruption or unauthorised disclosure’, so an organisation losing a magnetic tape containing personal data would immediately appear to be in breach of the Act.
Such a breach could, however, be cancelled out if the data had been effectively encrypted such as to render the contents unreadable. Conversely, as the technology now exists to encrypt tape data, it’s possible that the loss of an unencrypted tape could increasingly become seen as doubly serious.
Of course, post-incident operational and legal costs, plus the cost of the potential public/employee/customer/supplier relations fallout, may ultimately far exceed the cost and operational overhead of encrypting backups. It takes an average of 16 months for victims of identity fraud to realise they’ve fallen prey to this crime and can take up to two years for victims to repair the damage to their credit report.
Taking the precaution of tape encryption is recommended by Iron Mountain, the world’s largest data protection service providers. In April 2005, its chairman Richard Reese issued a statement that says: “The only effective means to prevent unauthorised access to data is the use of encryption.”
1 Bank of America confirmed that a small number of computer data tapes were lost during shipment to a backup data centre. The missing tapes contained U.S. federal government charge card program customer and account information. Full press release at: http://www.bankofamerica.com/newsroom/press/press.cfm?PressI...
The missing tapes contained data from Time Warner, including personal information on current and former employees. An outside data storage firm lost the container of its computer back-up tapes during shipment to one of that firm’s storage facilities. Full press release at: http://www.timewarner.com/corp/newsroom/employee_data_tapes/...
2 According to Enterprise Strategy Group, only seven per cent of businesses encrypt all their backup tapes. The analyst firm polled almost 400 companies and found that more than 60 per cent did not encrypt any of their backup data, and only seven per cent encrypt all their backup data. Companies in the financial services industry were among the worst performers: two-thirds of the financial firms polled never encrypt the data that they were backing up. Even large companies do not perform particularly well: more than half of companies with revenues greater than $1 billion had never encrypted their data before putting it on tape. http://home.businesswire.com/portal/site/google/index.jsp?nd...
3 According to CIFAS (the UK’s fraud prevention service), 120,000 impersonations were detected in 2004, costing the UK around £1.34 billion a year. http://www.cifas.org.uk/press_20050428.asp
Full product details, photographs and interviews available. Please contact:
Rose Ross / Hannah Knowles
Omarketing Limited (for DISUK)
T: +44 (0)20 8255 5225
E: email@example.com / firstname.lastname@example.org
About DISUK Limited
DISUK Limited is a British company specialising in design and manufacture of data storage encryption systems for corporate, finance, government and military customers.
Founded in 2004, it is the only privately funded independent provider of data storage encryption. DISUK headquarters are in Northampton, UK and it supports global sales through a network of established data storage and security distributors.
For more information about DISUK and its encryption products, please visit www.disuk.com.
SafeTape TM is a secure backup tape subsystem with built in encryption. It’s simple to install and supports SCSI, Fibre Channel and iSCSI interfaces, is compatible with all major backup software, and availbale with either, LTO, AIT or SDLT tape drives.
“Powered by Paranoia”
SafeTape products utilise the latest generation of encryption engines from the Paranoia family and are fully compatible with the Paranoia2 product range which has been in use throughout Europe and North America since 1997.
# # #
SafeTape and Paranoia2 are registered trademarks of DISUK Limited. All other company, product or service names herein may be trademarks or registered trademarks of their respective owners.
This press release was distributed by ResponseSource Press Release Wire on behalf of Omarketing Limited in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.