Friday, September 28, 2007

Gap Analysis - Blame It On The Contractor

InfoWorld is reporting in "Gap contractor blamed for data breach" by Robert McMillan that two laptops containing the personal data of 800,000 job applicants have been stolen, but instead of blaming its own security procedures Gap is blaming an "unnamed contractor". Robert says:

On Friday, Gap said the data had been stored on two laptop computers that were stolen from the vendor's offices. Although the job applicant information on the laptop -- which included Social Security numbers -- was supposed to be encrypted, it was not.

Gap's online job site is run by Taleo, but on Friday, Taleo said that it wasn't responsible for the breach. "The data loss involved a Gap vendor that processes job applicant data. Taleo was not the vendor involved in this data loss," the company said in a statement.

Gap learned of the theft on Sept. 19, the company said in a letter sent to those affected.

Still, "the company has no reason to believe the data contained on the computer was the target of the theft or that the personal information had been accessed or used improperly," Gap said in a statement.

The laptop had information on people who applied for positions at Gap stores, including Banana Republic and Old Navy, between July 2006 and June 2007. Gap has set up a Web site to assist those who may have been affected by the breach. Victims are being offered one year of credit monitoring and fraud resolution assistance.

This episode illustrates an ever-increasing problem: as technology advances and data becomes more and more concentrated, data breaches will grow larger and larger. Ten years ago an entire database of 800,000 job applicants would likely not have been on a laptop because it would not have fit; ten years from now a laptop might hold a database of every taxpayer in the country.

If we are going to successfully manage these technological leaps, we need to rethink our data safeguards. We need to ask why the live job applicant database was on the laptop at all, instead of an encrypted version or a mock-up. Most likely the database was there for development purposes rather than as a production backup, and the reason a live copy was used instead of a mock-up or an encrypted version was probably that it was easier than creating a proper test dataset.
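The "proper test dataset" the post asks for is not hard to build. Below is an added example, not code from the original post or from Gap or its vendor, showing one way to produce a development copy of an applicant database with the Social Security numbers and names replaced by pseudonyms, plus a release gate that refuses the copy if any real SSN survives. The records, the key and the field names are constructed for the example; the key is assumed to live only in the production environment, never on the developer's laptop.

```python
import hashlib
import hmac
import re

# Constructed sample of the kind of records an applicant database holds.
# Made-up values for illustration only; not data from the incident discussed above.
PRODUCTION_RECORDS = [
    {"applicant_id": 1001, "name": "Alice Example", "ssn": "123-45-6789", "store": "Old Navy"},
    {"applicant_id": 1002, "name": "Bob Sample", "ssn": "987-65-4321", "store": "Banana Republic"},
    # Same person applying twice: the pseudonym must stay identical so joins still work.
    {"applicant_id": 1003, "name": "Alice Example", "ssn": "123-45-6789", "store": "Gap"},
]

SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")


def pseudonymize_ssn(ssn: str, key: bytes) -> str:
    """Map a real SSN to a fake, format-preserving token.

    HMAC-SHA256 under a key that is kept out of the development environment:
    deterministic (the same applicant always gets the same token) but not
    reversible without the key. The area number is forced into 900-999, a
    range the SSA does not issue, so a token can never equal a real SSN.
    """
    if not SSN_RE.match(ssn):
        raise ValueError("input is not in NNN-NN-NNNN form")
    digest = hmac.new(key, ssn.encode(), hashlib.sha256).digest()
    n = int.from_bytes(digest[:8], "big")
    area = 900 + n % 100               # 900..999, never a valid issued area
    group = 1 + (n // 100) % 99        # 01..99
    serial = 1 + (n // 9900) % 9999    # 0001..9999
    return f"{area:03d}-{group:02d}-{serial:04d}"


def pseudonymize_name(name: str, key: bytes) -> str:
    """Replace a name with a stable, meaningless label derived the same way."""
    tag = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:8]
    return f"Applicant {tag}"


def build_dev_dataset(records: list, key: bytes) -> list:
    """Produce the copy that is safe to hand to developers.

    Non-identifying columns (id, store) are kept so the data still looks and
    behaves like production; identifying columns are replaced in place.
    """
    return [
        {
            "applicant_id": r["applicant_id"],
            "name": pseudonymize_name(r["name"], key),
            "ssn": pseudonymize_ssn(r["ssn"], key),
            "store": r["store"],
        }
        for r in records
    ]


def leaked_real_ssns(dev_records: list, production_records: list) -> list:
    """Release gate: list every real SSN that still appears in the dev copy.

    Run this before the dataset leaves the production environment; an empty
    list is the only acceptable result.
    """
    real = {r["ssn"] for r in production_records}
    return sorted({r["ssn"] for r in dev_records if r["ssn"] in real})


if __name__ == "__main__":
    # Constructed key; in practice this is a secret held only in production.
    key = b"constructed-pseudonymization-key"
    dev = build_dev_dataset(PRODUCTION_RECORDS, key)
    for row in dev:
        print(row)
    print("leaked real SSNs:", leaked_real_ssns(dev, PRODUCTION_RECORDS))
```

The point of the HMAC rather than a plain hash is that an attacker who obtains the dev copy cannot simply hash all one billion possible SSNs and match them; without the key the tokens are just opaque. Keeping the transformation deterministic preserves the duplicate-applicant relationship the developers need, while the 900-series area guarantees that even a leaked dev laptop contains no issued SSN.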

Gap can't just pass the blame off onto its contractors. If it takes government regulation and fines to prevent this type of security "Gap", then that is what we need to do, and the sooner the better. As I have said, as technology advances the breaches will continue to get larger and larger.

Related Post: FBI Investigating Unisys For Not Preventing Hacker Intrusions
