[Dataloss] time to name names (was Re: MORE BNY (Mellon Corp) Tapes lost)
jericho at attrition.org
Fri Jun 6 20:06:01 UTC 2008
: Let's say we do look at the commercial carrier, and the carrier offers
: insurance against loss and the customer either chooses the insurance or
: waives the insurance, most commercial carriers will make insurance
: available, offered with disclosure that if a package's worth is more
: than insurance will cover the carrier can refuse to carry the package,
: based on what the customer has disclosed. Interesting....
Which leads to, what did BNY (or others) claim the backup tapes were
Even if you go with a conservative estimate that one 'identity' is worth
less than 20 bucks (recently stated in a paper), that is still a lot of
money if the tapes have a million records. I really doubt BNY is
declaring the tapes worth that much.
So we have a system of couriers, off-site storage and backup providers
that seem to be a serious weak point in the data security. Taking this
one step farther, what if the tape *is* encrypted using really strong
encryption and the tape is lost. Does the company have to warn customers?
If not, will that lead to companies claiming strong encryption
regardless, knowing that the odds of the unencrypted tape being
discovered is very low, then falling back on "error in backup process, it
should have been encrypted" claims?
More information about the Dataloss