Data spill

Data spill

Data spill is a somewhat ironic term, derived from such phrases as oil spill, toxic or hazardous waste spill, "etc.", for the unintentional release of secure information to an insecure environment. Other terms for this type of incident are data breach, data leak, etc. According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.

Definition

This may include incidents such as theft or loss of digital media such as computer tapes, hard drives, or laptop computers containing such media upon which such information is stored unencrypted, posting such information on the world wide web or on a computer otherwise accessible from the Internet without proper information security precautions, transfer of such information to a system which is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencrypted e-mail, or transfer of such information to the information systems of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques. [" [http://www.archives.gov/isoo/faqs/agency-declass-plans.html When we discuss incidents occurring on NSSs, are we using commonly defined terms?] ", "Frequently Asked Questions on Incidents and Spills", National Archives Information Security Oversight Office ]

Data privacy

Most such incidents publicized in the media involve private information on individuals, "i.e." social security numbers, "etc.". Loss of corporate information such as trade secrets, sensitive corporate information, details of contracts, "etc." or of government information is frequently unreported, as there is no compelling reason to do so in the absence of potential damage to private citizens, and the publicity around such an event may be more damaging than the loss of the data itself.

Consequences

Although such incidents pose the risk of identity theft or other serious consequences, in most cases there is no lasting damage; either the breach in security is remedied before the information is accessed by unscrupulous people, or the thief is only interested in the hardware stolen, not the data it contains. Nevertheless, when such incidents become publicly known, it is customary for the offending party to attempt to mitigate damages by providing to the victims subscription to a credit reporting agency, for instance.

Major incidents

Well known incidents include:

2008

* In January 2008, GE Money, a division of General Electric, discloses that a magnetic tape containing 150,000 social security numbers and in-store credit card information from 650,000 retail customers is known to be missing from an Iron Mountain Incorporated storage facility. J.C. Penney is among 230 retailers affected. [ [http://www.informationweek.com/news/showArticle.jhtml?articleID=205901244 GE Money Backup Tape With 650,000 Records Missing At Iron Mountain - Iron Mountain ] ]
*Horizon Blue Cross and Blue Shield of New Jersey, January, 300,000 members
*Lifeblood, February, 321,000 blood donors

2007

*The 2007 loss of Ohio and Connecticut state data by Accenture
*2007 UK child benefit data scandal
*CGI Group, August, 283,000 retirees from New York City
*The Gap, September, 800,000 job applicants
*Memorial Blood Center, December, 268,000 blood donors
*Davidson County Election Commission, December, 337,000 voters

2006

*AOL search data scandal (sometimes referred to as a "Data "Valdez" [" [http://www.doubletongued.org/index.php/dictionary/data_valdez/ data Valdez] " Doubletongued dictionary] , [" [http://www.eff.org/Privacy/AOL/ AOL's Massive Data Leak] ", Electronic Frontier Foundation] , [" [http://www.netlingo.com/lookup.cfm?term=data%20Valdez data Valdez] ", Net Lingo] due to its size)
*Department of Veterans Affairs, May, 28,600,000 veterans, reserves, and active duty military personnel , [" [http://www.networkworld.com/news/2006/060606-active-duty-troop-information-part-of.html?nwwpkg=slideshows Active-duty troop information part of stolen VA data] ", "Network World", June 6, 2006]
*Ernst & Young, May, 234,000 customers of Hotels.com (after a similar loss of data on 38,000 employees of Ernst & Young clients in February)
*Boeing, December, 382,000 employees (after similar losses of data on 3,600 employees in April and 161,000 employees in November, 2005)

2005

*Amerprise Financial, stolen laptop, December 24, 260,000 customer records " [http://www.privacyrights.org/ar/ChronDataBreaches.htm A Chronology of Data Breaches] ", Privacy Rights Clearinghouse]

References

External links

* " [http://attrition.org/dataloss/ Attrition.org Data Loss Archive and Database] ", attrition.org
* " [http://doj.nh.gov/consumer/breaches.html Notices of Security Breaches] ", New Hampshire Department of Justice
* " [http://www.privacyrights.org/ar/ChronDataBreaches.htm A Chronology of Data Breaches] ", Privacy Rights Clearinghouse, updated twice a week


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • data spill — n. The accidental transmission or display of private online data to a third party. Example Citation: Unintentional disclosures of personal information, called data spills, can occur when visitors click on a link to an external site. Browsers… …   New words

  • Data loss — is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup and disaster recovery equipment and processes to prevent data loss …   Wikipedia

  • Spill — may refer to:* Spill (UK band), a dance duo * Daniel Spill (1832–1887), English entrepreneur * Oil spill * Data spill * Leadership spill …   Wikipedia

  • Data theft — is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand held devices capable of storing digital information such as USB flash drives, iPods and even digital cameras. Since… …   Wikipedia

  • Data breach — A data breach is the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill. Incidents range from… …   Wikipedia

  • data exhaust — n. The digitally trackable or storable actions, choices, and preferences that people generate as they go about their daily lives. Example Citations: In Brin s way of thinking, each of our lives is a potential contribution to scientific insight.… …   New words

  • data furnace — n. A computer installed in a home or office to be used as both a server and the building s primary heat source. Example Citations: Then, there s this: Microsoft research suggests the possibility of data furnaces, small server packages of… …   New words

  • data shadow — n. The trackable data that a person creates by using technologies such as credit cards, cell phones, and the Internet. Example Citation: It s not only spam that worries Garfinkel. It s the power that businesses wield with personal information.… …   New words

  • Data erasure — (also called data clearing or data wiping) is a software based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion… …   Wikipedia

  • Deepwater Horizon oil spill — 2010 oil spill and BP oil spill redirect here. For other oil spills in 2010, see 2010 oil spill (disambiguation). For the 2006 oil spill involving BP, see Prudhoe Bay oil spill. For the drilling rig and explosion, see Deepwater Horizon… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”