Data lost on 650,000 accounts

Another week, another breach. This time, personal information on 650,000 customers at J.C. Penney and up to 100 other retailers went missing after a storage tape disappeared. GE Money, which is part of General Electric Capital Corp. and handles credit-card operations for Penney and other retailers, said the information included Social Security numbers for about 150,000 people. As if that disclosure wasn't bad enough, the information was on a backup storage tape that was discovered missing last October. And to make it even worse, the information was being stored at a warehouse run by Iron Mountain, a company whose operations were thought to be invulnerable.

But maybe there is also bit of relief to be found here. Iron Mountain spokesman Dan O'Neill said it would take specialized skills for someone to lift the personal data from the tape. He said that the company still regretted the incident, however. "Because of the volume of information we handle and the fact people are involved, we have occasionally made mistakes," O'Neill said.

To make amends, GE Money is paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape. But that hardly corrects a growing problem that cuts across many different types of industries. The Identity Theft Resource Center says there was a sixfold increase last year in the number of stolen records. That means that your tapes may not be as safe as you think, and every CIO should always check and check again to make sure information is protected and not taken from a seemingly safe environment.

For more on this security breach:
- Check out this CIO-Today article