- Data spill
Data spill is a somewhat ironic term, derived from such phrases as
oil spill , toxic or hazardous waste spill, "etc.", for the unintentional release ofsecure information to an insecure environment. Other terms for this type of incident are data breach, data leak, etc. According to thenonprofit consumer organization Privacy Rights Clearinghouse , a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.Definition
This may include incidents such as theft or loss of
digital media such ascomputer tape s,hard drive s, orlaptop computer s containing such media upon which such information is stored unencrypted, posting such information on theworld wide web or on a computer otherwise accessible from theInternet without properinformation security precautions, transfer of such information to a system which is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencryptede-mail , or transfer of such information to theinformation system s of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques. [" [http://www.archives.gov/isoo/faqs/agency-declass-plans.html When we discuss incidents occurring on NSSs, are we using commonly defined terms?] ", "Frequently Asked Questions on Incidents and Spills",National Archives Information Security Oversight Office ]Data privacy
Most such incidents publicized in the media involve private information on individuals, "i.e."
social security number s, "etc.". Loss of corporate information such astrade secret s, sensitive corporate information, details ofcontract s, "etc." or of government information is frequently unreported, as there is no compelling reason to do so in the absence of potential damage to private citizens, and the publicity around such an event may be more damaging than the loss of the data itself.Consequences
Although such incidents pose the risk of
identity theft or other serious consequences, in most cases there is no lasting damage; either the breach in security is remedied before the information is accessed by unscrupulous people, or the thief is only interested in the hardware stolen, not the data it contains. Nevertheless, when such incidents become publicly known, it is customary for the offending party to attempt to mitigatedamages by providing to the victims subscription to acredit reporting agency , for instance.Major incidents
Well known incidents include:
2008
* In January 2008,
GE Money , a division ofGeneral Electric , discloses that a magnetic tape containing 150,000social security number s and in-storecredit card information from 650,000 retail customers is known to be missing from anIron Mountain Incorporated storage facility.J.C. Penney is among 230 retailers affected. [ [http://www.informationweek.com/news/showArticle.jhtml?articleID=205901244 GE Money Backup Tape With 650,000 Records Missing At Iron Mountain - Iron Mountain ] ]
*Horizon Blue Cross and Blue Shield of New Jersey , January, 300,000 members
*Lifeblood, February, 321,000blood donor s2007
*The 2007 loss of Ohio and Connecticut state data by Accenture
*2007 UK child benefit data scandal
*CGI Group , August, 283,000 retirees fromNew York City
*The Gap , September, 800,000 job applicants
*Memorial Blood Center , December, 268,000blood donor s
*Davidson County Election Commission , December, 337,000 voters2006
*
AOL search data scandal (sometimes referred to as a "Data "Valdez" [" [http://www.doubletongued.org/index.php/dictionary/data_valdez/ data Valdez] "Doubletongued dictionary ] , [" [http://www.eff.org/Privacy/AOL/ AOL's Massive Data Leak] ",Electronic Frontier Foundation ] , [" [http://www.netlingo.com/lookup.cfm?term=data%20Valdez data Valdez] ",Net Lingo ] due to its size)
*Department of Veterans Affairs , May, 28,600,000 veterans, reserves, and active duty military personnel , [" [http://www.networkworld.com/news/2006/060606-active-duty-troop-information-part-of.html?nwwpkg=slideshows Active-duty troop information part of stolen VA data] ", "Network World ",June 6 ,2006 ]
*Ernst & Young , May, 234,000 customers ofHotels.com (after a similar loss of data on 38,000 employees of Ernst & Young clients in February)
*Boeing , December, 382,000 employees (after similar losses of data on 3,600 employees in April and 161,000 employees in November, 2005)2005
*
Amerprise Financial , stolenlaptop ,December 24 , 260,000 customer records " [http://www.privacyrights.org/ar/ChronDataBreaches.htm A Chronology of Data Breaches] ",Privacy Rights Clearinghouse ]References
External links
* " [http://attrition.org/dataloss/ Attrition.org Data Loss Archive and Database] ",
attrition.org
* " [http://doj.nh.gov/consumer/breaches.html Notices of Security Breaches] ",New Hampshire Department of Justice
* " [http://www.privacyrights.org/ar/ChronDataBreaches.htm A Chronology of Data Breaches] ",Privacy Rights Clearinghouse , updated twice a week
Wikimedia Foundation. 2010.