IBM has confirmed this week that tapes containing sensitive employee data, as well as customer transactions, went missing from a truck moving between IBM offices in New York state on 23 February of this year.
The tapes contain private information, including social security numbers, addresses, dates of birth and IBM work history.
The incident only came to light weeks later when IBM began contacting the affected, mostly former employees, warning them of the lost data, which could be used for identity theft.
Following this, IBM proceeded to place notices in a local newspaper requesting return of the lost tapes.
Only some of the tapes were protected by encryption and IBM has not revealed how many went missing or how many employees are likely to be affected.
However, the company has stated that customer transactions details, contained among the files, were insignificant in terms of potential criminal value.
To date IBM said that it has had no evidence that any of the data on the tapes was used.
This announcement casts a shadow over the company’s new risk management and security products, which were unveiled yesterday.
Ironically, IBM was one of the firms called in to deal with the recent TJX security breach, where 46 million customers’ credit and debit card details were compromised, as well as drivers’ licence numbers and military ID numbers.
Owen O’Connor, chairman of Information Systems Security Association (ISSA) Ireland, said asset loss or theft like this in the US is becoming very routine. “It’s happening every day of the week.”
The biggest impact of this type of cyber crime is loss of customer confidence, he said.
Speaking of the TJX security breach, he stated: “Previously people would have had a slight uncomfortableness with eBay or PayPal or buying online but now they have the idea now that they walk into a physical high street store, give someone their credit card and that credit card could be broken into. I think that will probably change things in the future for those consumers.”
By Marie Boran