Entries Tagged 'Data Disaster' ↓

That’s right. It finally happened. The hard drive on my hard working little laptop finally succumbed to the strain of working constantly beyond its limits. Fortunately, I have been backing up my data, but it will still be a pain to get the new system (which I’m picking up today) up and running how I like it.

Anyway, just a quick reminder that no one is immune to drive failures. Back up  your data.

In yet another illustration of the dangers of transporting tapes off-site, over 2 million medical records (including Social Security numbers) were stolen from the University of Miami. The theft appears to be random as the tapes were stolen from a van transporting them to an off-site location and the data (encrypted and compressed) does not appear to be vulnerable. Still, this sort of theft is a concern to anyone transporting data to an off-site location.

The University of Miami has temporarily suspended their disaster recovery efforts to investigate other off-site options, but with the Act of God frequency pretty high down there, they will be wanting a solution soon. It will be intersting to see which way they head.

I will tread somewhat lightly on this disaster to avoid a political debate in which this particular blog has no interest. If you want political debates you’ll have to meet me for a beer. That said, I have seen the White House in the news attached to backup so often that I couldn’t continue to completely ignore it.

Basically, there are a large number of emails missing from the backup records that the White House keeps, and the explanation for the missing tapes has been somewhat suspect. Robert K. Blechman gives us a good rundown of the questionable claims in his blog post, so I won’t go into it any further than I have. Give it a read and draw your own conclusions.

That said, this story is a good reminder of the importance of carefully documented backup procedures. Most of the White House’s issue seems to be based on confusion, real or feigned, over the agreed upon backup methodology. It is vital for companies, and government organizations, to have a backup plan that is clear and easily followed.

The issue of tapes also comes into play in this story, but that is something we will get into later. For now, lets try to imagine an appropriate backup plan for White House email records and a way in which that plan could be presented without leaving such room for error.

In addition to bringing you updates on technology, advice on backup best practices and occasional misguided musings, this blog will also follow the world’s data debacles. Like drivers slowing down as they pass the scene of an accident, we will, at times, be guilty of gaping, gawking and staring at the smoking remains of a data disaster. These stories are not shared to mock the victims or to take comfort in their misfortune because it is not ours. Rather, we examine these disasters in order to understand our own vulnerabilities and the importance of data safety. If they are somewhat amusing every once in a while, that is simply a bonus. Not really the case with todays entry though.

Today the AP reported that the credit card numbers of 650,000 people have been “misplaced”. These credit cards are handled by GE Money for JC Penney and other major retailers. Among those 650k are 150,000 that have social security numbers attached, putting them at a greater risk for identity theft.

The data in question was stored on a backup tape at a data storage warehouse run by Iron Mountain, and was discovered missing in October. There are apparently no signs of theft but the tape is definitely not where it is supposed to be.

Sensitive data is a valuable commodity, tempting for thieves and difficult to secure. GE Money is providing credit monitoring for those effected and has been performing a major notification campaign. This campaign might, according to the AP article, be flawed due to the fact that the letter comes in a GE Money envelope and is likely discarded as junk by many of the recipients. Hopefully this loss won’t have any painful ramifications for the individuals involved, but if it does the notification process might find itself the subject of unpleasant scrutiny.

Data loss happens. Tapes disappear. Hard drives fail. The only thing one can do is be prepared and have a disaster recovery plan for every contingency. The notification of those affected is an important part of this plan as, of course, is a backup of that important data.

Note: JC Penney is not in any way at fault for the loss of data. The other retailers affected remain undisclosed.