Jim Deegan reports:
A gunman who robbed the Wind Gap Kmart last month left with more than cash.
A bag stolen from a safe contained money and electronic media that backed up the store pharmacy’s computer system, the retailer said today.
The media contained confidential information related to customer prescriptions: names, addresses, dates of birth, prescription numbers, insurance cardholder IDs and drug names.
A relatively small number of those prescriptions may have included customers’ Social Security and/or driver’s license numbers, Kmart said.
Read more on The Express-Times.
And the backup media wasn’t encrypted…. why?
Although it doesn’t say anywhere in the article that you posted in your source that the backup media was not encrypted, it is likely true. Many companies with multiple locations run local backup processes on their systems and have the media prepared for taking offsite. A proper step in an IT backup procedure. Some companies have not yet improved their backup procedures to the next level by adding encryption to their backup data files. Remote locations may not have the resources or expertise to implement file encryption procedures in backups. IT should look at database encryption options on their centralized database so that any sensitive data that may be stored offline, (such as backups) is already encrypted and secured from unauthorized viewers. [link to commercial product deleted by moderator]