Kaltec Managed Services and Data Solutions
IT Manager pays £35 on eBay for second-hand NAS box with bank information on over one million people

Date: August 28th, 2008
Author: Bill Detwiler


A NAS device containing private bank account and credit card information on more than one million people was sold on eBay for £35. This shameful event should serve as a warning to all IT leaders. Physical security comes first!

When Andrew Chapman, an IT manager in the UK, bought a used Snap! box on eBay for £35, he got a lot more than he expected. Unbeknown to Chapman, the machine contained personal bank account and credit card information on over one million American Express, Royal Bank of Scotland (RBS), and NatWest customers. Chapman told TechRepublic sister site ZDNet UK on Tuesday that the server, a network attached storage (NAS) box, contained unencrypted backups of CDs. Graphic Data, a data-archiving firm, had used the machine to store information for RBS, of which NatWest is a subsidiary. Customer information included names, addresses, bank account numbers, telephone numbers and customer signatures.

According to ZDNet UK:
The IT equipment that appeared on eBay was not planned to be disposed of by the company and investigations are still ongoing to find out how this equipment was removed from one of Graphic Data's secure locations, the company said in the statement. We take customer privacy and data security very seriously. This incident is extremely regrettable and we're taking every possible step to retrieve the data and ensure this is an isolated incident.
According to the Daily Mail, a spokesman for Mail Source, which owns Graphic Data, put the situation down to an "honest mistake". We all make mistakes, and even the best IT departments mess up now and again. But Graphic Data's allowing, either through act or omission, an employee to sell hard drives that held, or even once held, sensitive data is shameful. Shameful not just because the data was lost, but because this failure was easily preventable. Graphic Data lost control of the data because adequate physical security policies either weren't in place, weren't followed, or weren't enforced.

Lesson for IT Leaders: Physical security comes first!
The best network and data security measures mean nothing if you don't adequately control physical access to your hardware. In his TechRepublic article, Protect corporate data with these physical security precautions, Mike Mullins suggests the following guidelines for restricting personal access to your facilities:

  • Initiate a badge program that includes an employee picture, and color-code specific areas of access. Make it a policy to question anyone who doesn't have a visible ID badge.
  • Escort, observe, and supervise guests for their entire visit.
  • Don't allow anyone — including vendors, salespeople, etc. — to connect personal laptops (or any other computing device) to your network.
  • Don't allow anyone to add hardware or software to computers without proper authorization.
  • Watch out for tailgaters. These people wait for someone with access to enter a controlled area (such as one with a locked door) and then follow the authorized person through the door. Tailgaters enter without using their own key, card key, or lock combination.

Mullins recommends these guidelines for protecting information and equipment access:

  • Place monitors and printers away from windows and areas where unauthorized persons could easily observe them.
  • Shred or otherwise destroy all sensitive information and media when it's no longer necessary.
  • Don't leave documents unattended at fax machines or printers.
  • Require all users to log off or power down workstations at the end of the working day.
  • Lock up portable equipment (e.g., laptops, PDAs, media, memory sticks) out of sight in a safe storage place overnight.
  • Don't allow the removal of computers or storage media from the work area or facility without ensuring that the person removing it has authorization and a valid reason.
  • Provide locks or cables to prevent theft, and lock computer cases.

I hope Graphic Data's experience reminds IT leaders that physical security comes first.

Copyright 1988 - 2009 Kaltec of Minnesota, Inc
All Rights Reserved