Yet Another Oops

Hammer forwarded this along to me.  Here’s something you don’t want to have sent to you:

BNY Mellon Shareowner Services has informed SAIC that personal data for virtually all current and former SAIC stock account holders who held stock after February 1, 2006, or who held stock options or restricted stock after January 1, 1993 may be at risk of compromise.

Ouch.

BNY Mellon said, however, it had no reason to believe the data had been accessed or improperly used.

Companies always include this line in their data breach notifications.  For the record, you also have no reason to believe that the data hasn’t been accessed or improperly used, unless you encrypted the data (which you obviously failed to do, or you wouldn’t be announcing this in the first place).  This is throwaway language, the last thing I want to see included in an announcement that is supposedly Very Important News.

The risk arises from the loss of magnetic computer storage tapes used to back up certain stock account data. Earlier this year, BNY Mellon told SAIC that the personal information of only 1,376 former or current shareholders and optionees was at risk after backup computer tapes containing personal information were lost while being transported to an off-site storage facility. The firm said it raised the number of persons affected after receiving the report of an outside forensic investigation firm it hired to further investigate the matter.

The forensic investigation is still underway, but BNY Mellon said that some 38,000 SAIC account holders are known to be affected. No personally identifiable information of account holders with non-U.S. tax identification numbers has been found by BNY Mellon to be at risk.

[snip]

The data breach involved a number of client companies and some 12 million account holders.

Wow… from 1,376 to 12 million account holders.  That’s some severe misjudgment of scale, there.  As a consolation prize:

BNY Mellon has advised that it is offering all potentially impacted individuals a free credit monitoring product, Triple Alert ™, for 24 months.

I can’t help but think that my first response would be, “Hey, that’s grand.  How about you also refund all those fees you’ve been charging me for responsible management of my money, you incompetents?”

I have to admit I’m also concerned that what they lost was backup tapes.  How do you lose backup tapes?  Aren’t backup tapes supposed to hang around… in case… you ever… need… to RESTORE from tape?

Just once, I’d like to see one of these announcements include the list of people that were summarily fired with extreme prejudice as being responsible for the breach in question.

Posted October 2, 2008 by padraic2112 in security

5 responses to “Yet Another Oops”

  1. Hi,

    This seems to be the only way to say “hi” without actually joining. I wanted to join the realms of hammer and vinnie, but I don’t think I ever had a nickname. I just phoned a friend, Meat, and he says I didn’t have a nickname. Aaaah!!! My self worth is so low now…. Can you guess who this is? By the way I finished medical school.

    C-YA
    Patsy

  2. You’re like me, you’re stuck with Patsy as there were no other Patsys, so there was never a reason for you to have another handle. 😉

    Hey, Meat! We need contact info for Meat. Actually, you need to get Meat here so that everyone’s inter-personal communication will totally depend on my blog, thus ensuring that I will always have self-worth as An Important Nexus of Post-Collegiate Communication (hell, it works for Facebook, right?)

  3. Patbook? Sh*tboxspace? I’m just spit-ballin’ here. Hey Patsy. Don’t believe it is you without pics. clothing optional.

  4. Vinny u cad. Keeping your record clean, never earned a single point for subtle.

    They don’t charge me monthly for the service, they charge the corporations, and some services for fees, which I don’t pay. Plus I have that Triple advantage thing going for me.

  5. I’m nothing if not consistent!
