Tinley Park backup tape lost, then found
Technorati Tag: Security Breach
Date Reported:
7/24/08
Organization:
Village of Tinley Park
Contractor/Consultant/Branch:
None
Victims:
Residents
Number Affected:
"more than 20,000"
Types of Data:
Personal information including Social Security numbers, bank account numbers and driver's license numbers
Breach Description:
"A box of computer tapes containing sensitive information about Tinley Park residents has vanished, prompting officials to warn locals this week to protect themselves against identity fraud."
"A Tinley Park resident found a back-up computer tape that was lost in June and might contain the personal information of more than 20,000 people."
Reference URL:
Village of Tinley Park News Release
Sun-Times News Group
Chicago Tribune
Report Credit:
Associated Press
Response:
From the online sources cited above:
A box of computer tapes containing sensitive information about Tinley Park residents has vanished, prompting officials to warn locals this week to protect themselves against identity fraud.
The tapes, which stored hundreds of driver's license and Social Security numbers as well as bank account information, were apparently misplaced while being transferred early this month from Village Hall to the Police Department building.
[Evan] The trip from the appears to be about a 4 mile/10 minute drive.
Officials say the tapes containing information from as long ago as 15 years were lost while being transferred from the village hall to another site
[Evan] Why does the city have so much personal information belonging to its citizens? Call me naïve, but why does the city collect and store Social Security numbers and/or bank account numbers and/or driver's license numbers of residents? I understand the need to collect and store current and former employee information, but I am missing the justification for resident information. I also question why data from 10 to 15 years ago is still required.
Village Manager Scott Niehaus says about 19,000 residents and another 1,400 current, former or retired village employees will get letters about the incident.
"We don't believe they were taken with malicious intent," Village Manager Scott Niehaus said Thursday.
residents who gave personal information to the village after May 30 should move to protect themselves against identity theft
Tinley Park has not gotten any complaints from residents about suspicious activity regarding their personal information
computer file tapes from Village Hall are periodically moved to other buildings for security reasons
[Evan] Kind of. From what I read, the tapes are moved to other building for continuity and disaster recovery (DR) reasons. Continuity and DR could be mapped to security as it serves to protect availability. The method in which the village was conducting backups and transporting tapes may reduce the risk with respect to availability, but certainly increased risk to disclosure. It doesn't have to be a trade-off!
It's a common procedure to move the tapes so they won't be destroyed if a disaster happens at the village hall.
A resident found the tape in a parkway at 167th Street and Oak Park Avenue and threw the tape in his garbage.
[Evan] The tapes seem to have on their ~4 mile trip.
After reading about the incident in the SouthtownStar today and receiving a letter about it from Tinley Park, the resident called village hall
[Evan] This resident should be commended for his attention and effort. I presume that the resident would have contacted Tinley Park earlier had their been some sort of ownership label on the tape, or a "Please Return if Found" sticker.
Village Information Technology staff has determined that the tapes were not accessed or tampered with during the time they were missing.
Village staff continues to review how the tapes were lost
The incident has resulted in several revisions and enhancements to the security of the Village computer system and backups. The enhancements will ensure that this type of incident could not occur again.
[Evan] Like what? I think it would be a good idea for the Village to share the "revisions and enhancements" with its residents. How can they be reassured that this type of incident could not occur again?
The Village is appreciative for this resident’s conscientious effort to return the tapes, bringing the incident to a safe resolution with no risk to the citizens.
Additional steps are being implemented to protect information that residents give Tinley Park
For more information, contact the village at
Commentary:
Secure destruction of information that is no longer needed, only collecting the information that is needed, and backup encryption (and other data at rest if possible) would go a long way towards ensuring that this type of incident won't introduce unnecessary risk to residents in the future. There was no mention of encryption in the publicly available information I read, so I presume that it was not used.
Past Breaches:
Unknown
Date Reported:7/24/08
Organization:
Village of Tinley Park
Contractor/Consultant/Branch:
None
Victims:
Residents
Number Affected:
"more than 20,000"
Types of Data:
Personal information including Social Security numbers, bank account numbers and driver's license numbers
Breach Description:
"A box of computer tapes containing sensitive information about Tinley Park residents has vanished, prompting officials to warn locals this week to protect themselves against identity fraud."
"A Tinley Park resident found a back-up computer tape that was lost in June and might contain the personal information of more than 20,000 people."
Reference URL:
Village of Tinley Park News Release
Sun-Times News Group
Chicago Tribune
Report Credit:
Associated Press
Response:
From the online sources cited above:
A box of computer tapes containing sensitive information about Tinley Park residents has vanished, prompting officials to warn locals this week to protect themselves against identity fraud.
The tapes, which stored hundreds of driver's license and Social Security numbers as well as bank account information, were apparently misplaced while being transferred early this month from Village Hall to the Police Department building.
[Evan] The trip from the appears to be about a 4 mile/10 minute drive.
Officials say the tapes containing information from as long ago as 15 years were lost while being transferred from the village hall to another site
[Evan] Why does the city have so much personal information belonging to its citizens? Call me naïve, but why does the city collect and store Social Security numbers and/or bank account numbers and/or driver's license numbers of residents? I understand the need to collect and store current and former employee information, but I am missing the justification for resident information. I also question why data from 10 to 15 years ago is still required.
Village Manager Scott Niehaus says about 19,000 residents and another 1,400 current, former or retired village employees will get letters about the incident.
"We don't believe they were taken with malicious intent," Village Manager Scott Niehaus said Thursday.
residents who gave personal information to the village after May 30 should move to protect themselves against identity theft
Tinley Park has not gotten any complaints from residents about suspicious activity regarding their personal information
computer file tapes from Village Hall are periodically moved to other buildings for security reasons
[Evan] Kind of. From what I read, the tapes are moved to other building for continuity and disaster recovery (DR) reasons. Continuity and DR could be mapped to security as it serves to protect availability. The method in which the village was conducting backups and transporting tapes may reduce the risk with respect to availability, but certainly increased risk to disclosure. It doesn't have to be a trade-off!
It's a common procedure to move the tapes so they won't be destroyed if a disaster happens at the village hall.
A resident found the tape in a parkway at 167th Street and Oak Park Avenue and threw the tape in his garbage.
[Evan] The tapes seem to have on their ~4 mile trip.
After reading about the incident in the SouthtownStar today and receiving a letter about it from Tinley Park, the resident called village hall
[Evan] This resident should be commended for his attention and effort. I presume that the resident would have contacted Tinley Park earlier had their been some sort of ownership label on the tape, or a "Please Return if Found" sticker.
Village Information Technology staff has determined that the tapes were not accessed or tampered with during the time they were missing.
Village staff continues to review how the tapes were lost
The incident has resulted in several revisions and enhancements to the security of the Village computer system and backups. The enhancements will ensure that this type of incident could not occur again.
[Evan] Like what? I think it would be a good idea for the Village to share the "revisions and enhancements" with its residents. How can they be reassured that this type of incident could not occur again?
The Village is appreciative for this resident’s conscientious effort to return the tapes, bringing the incident to a safe resolution with no risk to the citizens.
Additional steps are being implemented to protect information that residents give Tinley Park
For more information, contact the village at
Commentary:
Secure destruction of information that is no longer needed, only collecting the information that is needed, and backup encryption (and other data at rest if possible) would go a long way towards ensuring that this type of incident won't introduce unnecessary risk to residents in the future. There was no mention of encryption in the publicly available information I read, so I presume that it was not used.
Past Breaches:
Unknown
Posts Atom 1.0
Comments