Lord of the Rings: The Return of the Snafu

Gandalf: (laughs) Oh, of course. "Speak, friend, and enter."

(Stands up and holds up staff)

Gandalf: MELLON!

(Security doors open wide...)

Situation normal all fouled up

Snafu? You're being ironic. From the customers' PoV, tarfu at least.

What courier?

I'd really like to know what courier lost the tapes... Did the bank just pop the tapes into their local FedEX Kinko's drop box or did it fall out of the back of an Iron Mt. truck.

Paris - 'cause she now knows to secure her tapes.

Oh, their first blunder!

It seems like the "NY Mellon Bank" is a recently-merged financial entity. It is barely one year old, and they've already done an epic SNAFU. Way to go!

With that name, though, I'd wonder if speaking 'friend' will give me full r00t access...

But if they had...

... national ID Scheme that wouldn't happen, of course!

//Coat

ignoramuses and/or fools

Anyone in any organization that handles data pertaining to clients or customers, especially financial and medical establishments, who transfers unencrypted data is an ignoramus or a fool. And that goes as well for at least one level up in chain of command.

Oh, yes, regarding "...bank has promised to transfer data electronically, where possible, rather than depending on the transport of physical media..." can you say "Hannaford" boys and girls?

Skull and crossed bones because Pirates is Everywharrrrr. Arrrr.

Not really a problem

After all, who's going to have mag tape equipment anyway. Only stodgy old banks and telcos.

@ Not really a problem

>After all, who's going to have mag tape equipment anyway. Only stodgy old banks and telcos.

And me... I bet I am not the only Reg reader with this kind of kit at the house or available for use at work

@ Dave Jones

"After all, who's going to have mag tape equipment anyway. Only stodgy old banks and telcos."

-Holds up hand- The last refurbished computer I bought had a mag tape bay in it! (Pulled it out, it's probably still in my closet)

Hmm, maybe I should put it on E-bay? It looks like it might be worth serious cash to someone, eh?

@Davey Bee

It comes down to cost. Most of the UK and US banks in the UK (including NYM) use Bike couriers as we are secure and hard to rob but we're not cheap. The US doesn't have many Bike couriers and they are VERY expensive so uses overnight services which cost little.

Overnight courier is very insecure but when nothing goes wrong it looks cheap. I guess its a perception thing.

Ex Securicor Pony Express rider who used to carry everything from cash to penny under a Billion bearer bonds to your banks clearing to bullion from cash centres all on Motorbikes. Ex company manager with a few banks as clients.

Anon as I signed confidentiality agreements (seriously)

no big shock here

US banks routinely contract with small Puerto Rican software shops who in turn sub the work out to... well the US banks would rather not know.

It doesn't take a bank losing tapes to leak this stuff, they ship it offshore routinely.

tards

Knowing these tards, they probably are still using 7 track round reel . No excuse is good enough for this type of stupidity. Loonies in Ohio were having interns take computer files home with them as an off-premises storage backup....ha.ha.ha.ha.ha

computer tards.... where do they get them?

@Why are Banks so F'ing stupid, still ?

Because all of the practical encryption options for backup media are *expensive*.

There's:

+ licensing

ie Encryption option for NetBackup isn't cheap

+ implementation

new tape drives [for hw encryption rather than sw encryption]

key management software plus associated new processes/procedures

impact on restoration/recovery times of encrypted data vs unencrypted

+ legal compliance

+ data expiration considerations

+ and DR can become further complicated

Most places seem to get their backup and recovery strategy "working ok", without then going and getting the next step of securing it properly.

Personally, I'd feel a bit safer if the encryption of *sensitive* data on backup media was legally mandatory AND part of the auditing that's done of financial institutions (i.e. by APRA here in Australia)

@ Not really a problem

Me too.

I use an LTO tape library even at home. Just keeps things nice and simple.

@ Dave Jones

Ten years ago, losing a tape or CD was less of a problem; it would probably just end up in a bin. Now though, the criminals are more aware of the value of data and are more likely to look through it and attempt to sell it to someone who can make use of it.

Encrypt everything!

@AC @Davey Bee

How excatly is a bike courier safe or hard to rob?

*Car Vs. Bike. Car wins. Car driver gets the physical data price.*

How very silly...

@Justin Clift:

How expensive do you actually think that encryption measures are, compared to the cost and hassle of losing unencrypted data? And we're talking about banks here, not exactly the poorest institutions around.

I'd imagine that most tape drives (libraries, more likely) that banks use are already advanced enough to include hw encryption and compression, I don't think key management is that much of an issue, and I don't see how DR would be significantly impacted either. Overall, definitely a small sacrifice compared to the potential benefits it brings.

@AC about car vs bike:

Motorcycles (or even bikes) are probably a lot more agile, so unless you have some real pros trying to steal the data, you're probably more likely to get away on one of those rather than a car.

But seriously, unencrypted tapes, in 2008? FAIL++ :[

still @ [least it's] not really a problem

>After all, who's going to have mag tape equipment anyway. Only stodgy old banks and telcos ... and me too [holds hand up in sheepish manner]. Truth is, I just can't throw anything away.

Buy ID Protection

From your bank !!!!!!!!!

They are all at it in UK at any rate, pay £x per month and we'll provide legal assistance while you sort out your shit in the (increassed likelyhood) eventuality that your ID gets stolen (after we lost your fucking data HA! HA! HA! - give us more of your money - idiot !)

This is how they are going to stabalise the world currency deficit caused by their bad capital investments and their incredibly weak security policies - not to mention the rather excessive fat cat payouts and executive jollies they've had recently)

I read somewhere that you are safer from ID theft if you only have debts.

Wicked ...................

ALF

@AC Car vs Bike

There's something like 5000 couriers on bikes within Central London, how do you tell which one has the important package? Not even the customer knows which rider has the package or what route they will take.

I suppose you could wait around outside a bank on Canary wharf but then how do you know what rider is carrying important data and which dross?

In the two years I worked for Securicor only one bike was robbed and that was because he forgot to lock his top box. In the several years I ran a company not one rider was robbed although the bank was.

The system of obscurity and speed works in this instance. If it didn't it wouldn't have been used for so long.

@AC (ca vs bike)

A big net and a lot of patience.

Hit Them Where it Hurts!!!

This takes the pee pee yet again. How many times does this need to happen before banks will wake up and smell the proverbial coffee (Or in the banks case when will they smell the shit hitting the fan??).

Those affected need to hit them in the only place that hurts for large American Corporations, the bottom line. Hit their profit margin very hard and they'll soon sit up and take notice. A class action lawsuit from 4.5 million people should do the trick.

When will the US administration stop spying on it's own populace and bring in some laws to protect them instead?

Flames; 'Cos whoever at the bank took the decision to send the unencrypted details of 4.5 million people, via a third oarty courier, should be burned at the stake in Times Square. I'll bring the petrol...