Actu
Origin Storage: 15,000 more reasons to archive data, as Arkansas National Guard archival disk goes missing
March 2010 by Origin Storage
Reports that staff data spanning more than five years at the Arkansas National Guard have gone missing on a back-up drive highlights the need for encrypted backups to be taken on live data - and also strengthen the argument that live data should also be encrypted, says Origin Storage.
"The archival drive reportedly contains the names, addresses and social security number details of at least 15,000 current and former members of staff as at March 2009, and spans back to the start of 2004," said Andy Cordial, managing director of the storage system integration specialist.
"Whilst some experts claim that encrypting live data is overkill in some situations, the fact that was an archival disk, and almost certainly only accessed if the computer’s primary drive went down, means that high levels of encryption should have been applied," he added.
Cordial noted that this isn’t the first time a US military database has gone missing as, back in the spring of 2006, similar details of more than 2.2 million US military personnel - including nearly 80 percent of the active-duty force - were stolen (http://bit.ly/cXjE4B).
That data, including more than 430,000 National Guard members, was subsequently recovered after an in-depth investigation by the US military, indicating the potential value to fraudsters of the information that was stolen - "and that is before we start taking about US national security," he said.
According to the Origin Systems MD, the fact the US National Guard is recommending that all affected current and former members of staff contact a credit reference bureau indicates the potential fall-out from this hard dive loss, as the data lost is a identity thief’s dream come true.
Social security numbers in the US, he explained, are much more powerful that national insurance IDs in the UK, as they are commonly used a means of identification online and over the phone, much as dates of birth are used in the UK.
The sheer size and history of the US, he said, means that there is a distinct possibility of several people of the same name having the same birthday but, because the social security number is unique to an individual, it is a much more useful identifier.
As a result, he added, most citizens use the number as their personal user credential when deadline with financial or government institutions.
"As a supplier we always recommend that archival data be protected by multiple layers of defence, such as encryption and password protection, as seen on our Datalocker range of secure backup systems (http://bit.ly/2vb6y9)," he said.
"And since we are dealing with a lot of staff data here it’s also advisable to encrypt the current database, only decrypting data on the fly as and when it is needed. There is simply no excuse not to use password plus encryption on such valuable data," he added.
