Digital Transactions Authoritative, insightful and timely information for payments professionals
The drumbeat of data-breach disclosures continued Friday with the news that information linked to about 65,000 individuals?including credit and debit card data–were exposed when a burglar broke into a locked office in a YMCA facility in Providence, R.I., last week and stole a laptop containing the sensitive member information. According to press reports, officials with the YMCA of Greater Providence so far have no reason to believe the thief or any associates have compromised the data, which also included checking-account information, Social Security numbers, and names, addresses, and health information on YMCA members' children enrolled in day-care programs. The officials said the data in each record varied by individual. YMCA officials are contacting at least some of the members whose data were stolen, according to an account today in The Boston Globe, which indicates members throughout Rhode Island and parts of Massachusetts could be affected. Accounts so far do not indicate whether any of the data stored on the computer were encrypted, as security experts advise. YMCA officials said the information was shielded behind two layers of security, though they were not more specific. According to the Globe story, the YMCA held off reporting the laptop's theft until it had reported it to police and had worked out what information the machine, which was said to be used only on occasion, contained. The theft follows by days the highly publicized loss of a laptop containing records of 26.5 million U.S. armed-services veterans. That theft, which also resulted from a burglary, occurred May 3 but was not made public until last week. The stolen information, which was maintained by the Veterans Administration, included names, dates of birth, and Social Security numbers but not financial data. The theft occurred after a VA data anlayst took the computer home in violation of agency policy. As a result of this breach, Michael McLendon, deputy assistant secretary for policy at the VA and supervisor of the staffer who took the laptop home, has announced his resignation. The agency is also dismissing the analyst. News of data breaches seems to be making headlines routinely in recent months, a matter that has begun to worry top-level electronic payments executives. Aside from recent revelations of stolen computers, bankers in particular fret that third-party processors may not be up to the job of securing payment data. In one of the most highly publicized breaches, a hacker last year gained access to information on about 40 million card accounts stored by merchant processor CardSystems Solutions Inc. “We pride ourselves as an industry on safety and soundness, reputation is everything,” said Mitch A. Christensen, executive vice president for payment strategies at Wells Fargo & Co., during a panel discussion last week at a Bank Administration Institute conference in Las Vegas in which data security became a high-priority topic. “We've outsourced a lot of this [data processing]. We're going to have to take a serious look at whether we bring a lot of that back behind our [banking-industry] firewalls.”
