Bank Data Leak Jumpstarts Encryption Talk
Storage experts said Bank of America's loss of tapes housing the personal information of 1.2 million government employees suggests the data on them was not encrypted. The case is seen spurring calls for encrypting customer data.
Data encryption renders files unreadable to users, greatly mitigating the security risk brought on by the theft or misplacement of tape cartridges that include stored files.
If Bank of America had encrypted the data on the tapes, which included the addresses and account numbers for U.S. senators and other federal workers, it is unlikely they would have had to announce the loss, said Enterprise Strategy Group Analyst Jon Oltsik.
As it is, California Senate Bill 1386 requires corporations to report any breach to the security of a computing system where unencrypted personal information is stored. The bank's admittance suggest the tapes were not encrypted, a situation likely to bring renewed attention to efforts by Sen. Dianne Feinstein (D-Calif.) to craft national identity theft legislation.
Bank of America spokeswoman Alexandra Trower refused to confirm or deny whether the files on the tapes were encrypted to prevent prying eyes from culling the data. But she expressed doubt that the information could be accessed.
