The dumbfucks at Providence Home Services

Tapes Lost in Transit and storage:
* Bank of America disclosed (February 2005) that its courier service had lost backup tapes containing data on about 1.2 million federal employees—including names and Social Security Numbers.
* Time Warner -- couriers at ... Iron Mountain, had lost a cooler-size container of computer tapes—holding personal, unencrypted data on 600,000 current and former employees—while it was en route to a data storage facility

With potential for lost tapes when in transit with UPS/FedEx/Courier-of-choice, and loss of data due to theft, or unsupervised physical access to tapes by people who have no authorization, simple off-site storage is not good enough.

Tapes should have contents encrypted with a "good" cipher that is part of a reliable/well-tested implementation before being taken offsite, and if resources allow for it, all tapes with SSN/Customer info should be encrypted.

Furthermore, any tapes lost need to be documented with cipher(s) used, date of creation and notes on what data was included, as well as the version of the encryption software -- so that if/when a weakness is found in the implementation or cipher used to encrypt the lost data, appropriate actions can be taken with disclosure.

Off-site storage for disaster recovery is a difficult problem to solve. Where I work, we are moving to encryption of tape data and have a tape swap with a trusted distant partner who sends us their tapes periodically.

This is actually pretty common practice for a lot of places.. having various 'trusted' employees in the food chain taking and storing tapes as an 'off-site' backup. It is a policy that was kept at a previous college I worked for. It was the practice at a bank I previously worked for. It was not viewed as a security risk, but appearantly encouraged. Encryption? Most folks barely understood what it meant and few of them would have a clue how to implement it. If they did, they would probably leave the keys in an easily accessable location anyways..

The idea of security at a lot of these places is really misconstrued.

/shrug

When Hurricane Rita turned towards Houston, the small company where I work sent home two copies of our file server and e-mail server. However they were with the manager of the security practice, and our VP of Ops, people with full access to the data in the first place.

I think this policy is a good ad-hoc way of ensuring availability for some businesses, but like C0n said, you gotta make sure *who* has access to the data and how it is protected.

What I found interesting is one line in Providence's press release:
That kind of statement is self-serving at best, and at the worst is misleading to the patients and the public. While the average thief who breaks into a car is a idiot aspiring to be a moron, reading a hard disk, CD-ROM or a tape is hardly a big deal. That statement however, gives them an excuse they can work either way. If the data doesn't get out, then they'll say: "See folks, there was really nothing to worry about." If it does get out, then the line will be: "Oh, it was stolen by some dirty hacker who had the secret skills needed to wield his evil against the world."

Based on my experience, the tapes were probably abandoned in a dumpster within 20 minutes after they were stolen. The average car burglar is looking for cash or stuff they can turn into cash quick; disks and tapes are not going to be on that list. However, with all the news of "Identity Theft", even the dimmest thief will now recognize that there may be some future value in that kind of item. It is not inconceivable that the burglar could be fencing it to someone else.

http://www.providence.org/oregon/hcs/newsrelease.htm

speaking of idiots...

Ahh, good old dumpster diving... Why give those records to employees for safe keeping when you can just throw them away?

http://www.katu.com/stories/82811.html

Ok, call me crazy, but...

Why not set up an intranet on the internet? Think on it. One server sitting in a basement, nice and cool...most definitly protected from fire as well. Wouldn't have to be anything special, hell, a Dell Dimension could serve as the server.....then have the network in the main building and back up the data every 30 minutes or so from the main office building to the secondairy building.

There! Data is in two places at once, just like magic, and untouched by theives' hands as well!

True, an intranet can be hacked....but if it is a random number, say "http://sprint.1234.11.1245" someone would need to find it first.

In the case of banks, most banks have multiple branches throughout one or more states. Data sets could be encrypted, divided, and distributed to be stored offsite at each of these remote branches. Break down [x] data into [n] branches worth of encrypted segments. This causes the problem of one of the data segments being lost in a catastrophe, preventing your ability to restore the important data... UNLESS: [y] copies of the data sets were created and distributed out to each branch. As long as [y] remains less than [n], no branch will ever have the full data set for decryption, but redundant copies of the data segments will be available in case of disaster.

If [n] is significantly larger than the amount of data to be backed up, this could be accomplished more complexly.. Instead of taking your backup as a whole, send your exchange server backup with [(x/n)*y-z] data sets to [a/n] branches ... send a seperate data set for your AD master to [b/n] branches, and so on.

Oh right.. people really like those tape thingys..

con, I have to say, that's one of the smartest things I've seen in quite a while. Simple to set up and administer; easy to recreate the data in case of an emergency; yet no one branch can have the full data set taken in a theft.

Almost like a RAID for banks...

They moved it off site for protection incase something happens like fire right?
Why not just put it in a Fire proof safe onsite which is safer than letting some desk jocky throw it in the trunk of his Ford Tauros and drive it home just to put it in his closet under piles of old socks right. Converge did have a good point about splitting up the data and storing it in servers in other places.

Fire safes aren't a good idea for magentic or optical media. Fire safes are specifically desgined to protect paper for X hours at Y degrees. Paper can be protected at a higher sustained temperature (something in excess of 250ºF if I recall correctly.) Those temps that the fire safes are designed for are well above the safe limits for magnetic or optical media. Also, many fire safes are designed to raise the interior humidity, to rotect the paper. The shell contains some sort of water-bearing gel. This can also play havoc with magnetic media.

All-in-all fire safes are a bad idea for media. If you want to protect magnetic medai from fire, you're better off by physically removing it from the site.

http://www.whoelseisme.com/news.htm

And the list isn't even up to date. This is what the world is coming to.

i was never aware of those specs concerning what happens to the conditions inside of the safe during the fire. here i am keeping some of my backup media in a typical office max brand fire safe. (i also have another set of backups in a .50 cal ammo can in a friend's basement, but this new info makes me glad it's there)

I will be on TV tonight. 5 and 6 PM. It will be the channel 8 news in Portland, OR.

I'll be speaking out about Providence Home Services recent records breach from the position of an affected consumer. I am one of those 365K customers with their data out and about.

http://providenceidentitytheft.com

Later!

Anyone care to make me a logo to replace the geeklog logo at the top left side of the home page? I'm not too good at those sort of things. I would just like something in white letters "Providence Identity Theft".

You can send the image to telco@dc503.org if you want to whip one up. Probably take one of you graphics people just a few minutes. Please have the background be the same color as the header which is allready in place.

Thanks!