Hammer forwarded this along to me. Here’s something you don’t want to have sent to you:
BNY Mellon Shareowner Services has informed SAIC that personal data for virtually all current and former SAIC stock account holders who held stock after February 1, 2006, or who held stock options or restricted stock after January 1, 1993 may be at risk of compromise.
BNY Mellon said, however, it had no reason to believe the data had been accessed or improperly used.
Companies always include this line in their data breach notifications. For the record, you also have no reason to believe that the data hasn’t been accessed or improperly used, unless you encrypted the data (which you obviously failed to do, or you wouldn’t be announcing this in the first place). This is throwaway language, the last thing I want to see included in an announcement that is supposedly Very Important News.
The risk arises from the loss of magnetic computer storage tapes used to back up certain stock account data. Earlier this year, BNY Mellon told SAIC that the personal information of only 1,376 former or current shareholders and optionees was at risk after backup computer tapes containing personal information were lost while being transported to an off-site storage facility. The firm said it raised the number of persons affected after receiving the report of an outside forensic investigation firm it hired to further investigate the matter.
The forensic investigation is still underway, but BNY Mellon said that some 38,000 SAIC account holders are known to be affected. No personally identifiable information of account holders with non-U.S. tax identification numbers has been found by BNY Mellon to be at risk.
The data breach involved a number of client companies and some 12 million account holders.
Wow… from 1,376 to 12 million account holders. That’s some severe misjudgment of scale, there. As a consolation prize:
BNY Mellon has advised that it is offering all potentially impacted individuals a free credit monitoring product, Triple Alert ™, for 24 months.
I can’t help but think that my first response would be, “Hey, that’s grand. How about you also refund all those fees you’ve been charging me for responsible management of my money, you incompetents?”
I have to admit I’m also concerned that what they lost was backup tapes. How do you lose backup tapes? Aren’t backup tapes supposed to hang around… in case… you ever… need… to RESTORE from tape?
Just once, I’d like to see one of these announcements include the list of people that were summarily fired with extreme prejudice as being responsible for the breach in question.