Thousands of customer bank details on stolen Boots backup tape
Technorati Tag: Security Breach
Date Reported:
4/22/08
Organization:
Alliance Boots
Contractor/Consultant/Branch:
Boots UK Limited
Boots Dental Plan
Medisure
Unnamed "security company"
Victims:
Customers and employees
Number Affected:
34,000*
*27,000 dental plan customers and 7,000 company employees
Types of Data:
Names, addresses and bank details
Breach Description:
"The high street chemist chain has today admitted losing 27,000 customer records and 7,000 employees details related to their dental plan. The information included bank account details, as well as names and addresses."
Reference URL:
BBC News
CIO Magazine online
ITPRO
CompterWeekly
Report Credit:
BBC News
Response:
From the online sources cited above:
Personal details of thousands of customers of Boots' dental plan have been stolen after a courier car was broken into in Bristol.
The information from Boots Dental Plan included customer bank account details
officials claimed it was "highly unlikely" these could be accessed
The stolen data tapes included names, addresses and bank details of 27,000 dental plan customers, which is run by private healthcare contractor Medisure. The tapes also contained the records of 7,000 employees.
Boots and Medisure, who administer the plan for the company, said all customers had been informed.
The tapes were taken from the car of a subcontracted data security company in Bristol on 3 April, 2008.
[Evan] A data security company left backup tapes unattended in a car? I will go on to speculate that the car was probably unlocked and the tapes were probably left in plain sight.
Boots declined to name the courier company.
Avon and Somerset Police said they were investigating the theft from a car on St Thomas Street
The data is described as "technically complicated" and only accessible with specialist IT equipment and software.
[Evan] Hah! You know, specialist IT equipment like a tape drive and software like Backup Exec (or something similar). If the tape wasn't encrypted, I trust that the tape will be read, thus exposing the information. Maybe not today, maybe not tomorrow, but sometime. I would bet the rest of my half cup of coffee on it!
Boots said in a statement: "We would like to reassure our Boots Dental Plan customers that because of the type of data tape that was stolen and the way the information was stored it is highly unlikely that any personal data could be accessed or misused."
[Evan] Encrypted? No mention specifically, so I assume not. What is so special about the "way the information was stored" then?
Boots said it takes data protection "extremely seriously,"
Medisure added the information was not stored on standard software or CDs and could not be used on any home-style PC or laptop.
Medisure did not say whether the data was encrypted
"Reviewing this incident closely with the Police, they consider this to be an opportunist theft rather than a planned operation," Medisure said in the letter.
Commentary:
There is so much about this breach that we do not know, so we speculate. Often times we speculate worse case type of scenarios. It's just human nature. The fact that the tapes were left exposed in a car is bad enough. If some of our other assumptions are correct, then all the worse.
Past Breaches:
Unknown
Date Reported:4/22/08
Organization:
Alliance Boots
Contractor/Consultant/Branch:
Boots UK Limited
Boots Dental Plan
Medisure
Unnamed "security company"
Victims:
Customers and employees
Number Affected:
34,000*
*27,000 dental plan customers and 7,000 company employees
Types of Data:
Names, addresses and bank details
Breach Description:
"The high street chemist chain has today admitted losing 27,000 customer records and 7,000 employees details related to their dental plan. The information included bank account details, as well as names and addresses."
Reference URL:
BBC News
CIO Magazine online
ITPRO
CompterWeekly
Report Credit:
BBC News
Response:
From the online sources cited above:
Personal details of thousands of customers of Boots' dental plan have been stolen after a courier car was broken into in Bristol.
The information from Boots Dental Plan included customer bank account details
officials claimed it was "highly unlikely" these could be accessed
The stolen data tapes included names, addresses and bank details of 27,000 dental plan customers, which is run by private healthcare contractor Medisure. The tapes also contained the records of 7,000 employees.
Boots and Medisure, who administer the plan for the company, said all customers had been informed.
The tapes were taken from the car of a subcontracted data security company in Bristol on 3 April, 2008.
[Evan] A data security company left backup tapes unattended in a car? I will go on to speculate that the car was probably unlocked and the tapes were probably left in plain sight.
Boots declined to name the courier company.
Avon and Somerset Police said they were investigating the theft from a car on St Thomas Street
The data is described as "technically complicated" and only accessible with specialist IT equipment and software.
[Evan] Hah! You know, specialist IT equipment like a tape drive and software like Backup Exec (or something similar). If the tape wasn't encrypted, I trust that the tape will be read, thus exposing the information. Maybe not today, maybe not tomorrow, but sometime. I would bet the rest of my half cup of coffee on it!
Boots said in a statement: "We would like to reassure our Boots Dental Plan customers that because of the type of data tape that was stolen and the way the information was stored it is highly unlikely that any personal data could be accessed or misused."
[Evan] Encrypted? No mention specifically, so I assume not. What is so special about the "way the information was stored" then?
Boots said it takes data protection "extremely seriously,"
Medisure added the information was not stored on standard software or CDs and could not be used on any home-style PC or laptop.
Medisure did not say whether the data was encrypted
"Reviewing this incident closely with the Police, they consider this to be an opportunist theft rather than a planned operation," Medisure said in the letter.
Commentary:
There is so much about this breach that we do not know, so we speculate. Often times we speculate worse case type of scenarios. It's just human nature. The fact that the tapes were left exposed in a car is bad enough. If some of our other assumptions are correct, then all the worse.
Past Breaches:
Unknown
Posts Atom 1.0
On the subject of file backup, sharing and storage ...
Online backup is becoming common these days. It is estimated that 70-75% of all PC's will be connected to online backup services with in the next decade.
Thousands of online backup companies exist, from one guy operating in his apartment to fortune 500 companies.
Choosing the best online backup company will be very confusing and difficult. One website I find very helpful in making a decision to pick an online backup company is:
http://www.BackupReview.info
This site lists more than 400 online backup companies in its directory and ranks the top 25 on a monthly basis.
Reply to this
this is not just boots dental plan customers it is also BskyB healthcare plan holders(employees) who are affected along with other companies who use Medisure for their workforce healthcare
Reply to this
In addition to he others listed, Johnson Controls have also been affected by this breach.
Reply to this
british gas engineer just been informed medisure have lost my details stolen from vehicle 03 -04-08 police say oppotunistic theft low threat because of sophisticated equipment needed to read back up disk read that somewhere before same old excuse reported to data protection privacy commisioner for what good that will do
Reply to this