Early in 2007, my former employer, IBM, entrusted a large amount of data tapes to a contractor to move from Point A to Point B. Somewhere along the line, one tape kinda fell off the truck, never to be seen again.
Oops.
The tape contained employee information of a rather specific variety, "specific" being "everything about an employee that IBM had in their system."
Aaaaaaaaannnnnnnnnd, guess whose information happened to be on that tape?
If you guessed me, you're right!
Staying on the sunny side of life, IBM informed me that the information had not surfaced anywhere and that it was in such a format that it required specialized equipment to access it. They also assured me that according to their extensive investigation, the information had simply been lost, not stolen. And also, they were really, really sorry about it. In exchange for being dumbasses, they have offered me a free year's membership in a credit monitoring service, which I accepted. The service looks pretty cool, and I bet they threw a huge party when they got the IBM deal. I didn't have to provide any kind of payment information and the service would not be automatically renewed after IBM stopped paying, but of course I'm welcome to continue their service should I choose after my free period expires.
Thanks IBM!
A news article is included in the extended entry.
IBM Contractor Loses Employee Data
By Martin H. Bosworth
ConsumerAffairs.Com
May 16, 2007
Corporate giant IBM has been touting its services as a data security vendor and consultant in recent years. It was among the companies hired by TJX to investigate the company's breach of 46 million customers' credit and debit card data in late 2006.
So it was a black eye on several levels when the company announced that a contractor had misplaced a data tape containing personal information on an unverified number of current and former IBM employees. The missing data tape contained such information as names, addresses, and Social Security numbers.
The unidentified vendor allegedly lost the tapes in transit to IBM's headquarters in Armonk, New York.
IBM put out an ad in a local paper asking for help in locating the tape, and began notifying affected individuals early last month.
Following the standard response to data breaches, IBM spokespersons said that there was no evidence the data had been misused, but said the company would provide a free year of credit monitoring to all affected individuals.
IBM had just unveiled a new suite of security and compliance products designed to track potential problems and generate compliance with regulatory measures such as Sarbanes-Oxley -- an announcement overshadowed by news of the data breach.
Outsourcing business tasks to third parties is a common cause of data breaches.
Many large companies and government agencies have contracted business processing tasks to smaller companies or third-party vendors, only to bear the burdens when the companies misplace data tapes, laptops, or other equipment containing personal information.
Most recently, Affiliated Computer Services (ACS), a technology company hired by Georgia's Department of Health to process health care claims and billing for the state, lost data discs containing information on 2.9 million members of the state's Medicare and child health care programs. The disc was lost while being shipped from ACS offices in Atlanta to Maryland.
Oh Shelby. I'm so sorry to see this, but glad it doesn't look *too* horrible. And- free credit monitoring! Woop!
Posted by: Anita at June 27, 2007 11:46 AMShelby:
Thanks for posting this. I truly know how you feel. My data was on that "lost" data tape, too. I'm impressed that you have some humor about the data breach, since IBM has mishandled this incident in several ways. I blog about IBM's data breach, the impacts, the implications, and corporate responsibility. Feel free to come on over and share your humor on my blog:
ivebeenmugged.typepad.com/my_weblog/
George
Posted by: George at July 30, 2007 02:31 PMYour post was funny. Here's some ID-theft humor for you:
Data Breach Humor
Enjoy!
George