There has to be consequences for such careless handling of such sensitive data.

teplitsa said:I've heard that the US Government sends classified info via registered mail, but not 100% sure.

That's a fact, Jack! Classified info up to at least the secret level, needs only to be double wrapped. Then it's in the hands of the good ol' post office. Mr. McFeeley probably doesn't have a clearance, but he carries classified info daily.

teplitsa said: DHL is pretty secure since it is supposedly scanned along the way.

Yeah sure. Check out this news item from my local news:

A POLICE investigation continues after thousands of dollars of diamonds are missing after they were delivered to a local gas station instead of a jewelry store.
There are $6,000 of diamonds missing after they were delivered to Exxon gas station on 3300 Guernsey St., instead of the intended Leva's Jewelry at 3300 Belmont St.

The two stores are a block apart and the DHL delivery person mixed up the streets during the delivery, and now the diamonds are missing.

Workers from the Exxon gas station are saying they did not know what was inside the package and threw it away after the delivery. Bellaire police said there is no evidence that suggests the diamonds were stolen by anyone.

The delivery service will probably have to reimburse the jewelry store for the missing diamonds.

Regarding the comment about showing ID to cashier and safety:
I work as a bank teller and I can tell you right now that EVERYTHING is in the computer and everyone working in the bank has access to everything. So, if we were to steal ur info/identity and sell it, we would have done so a long time ago.
In fact, you're safer by showing ID because no one is stealing your money. Just last month, a man stole $20,000 from his mother's savings account by forging her signature.
I personally have a flag on my account every time a check is cashed, money is withdrawn or an inquiry is made (i.e. what's my account number, I forgot it) ID has to be shown and signature matched because I have seen how many times STRANGERS steal ur account info and print checks.

maybe now they will have their offsite provider pick up the tapes, unless they ship all tapes to a central location in some other state and this is how this happened

I work for a major bank, Bank of America. The bank has lost data tapes before in the same way as ABN AMRO. We ship all of our data tapes off site to a data recovery center. There are two data recovery centers in the U.S. one in GA and one in Arizona. Each coast ships the data tapes to the nearest one. They are sent in these red hard turtle cases with a regular small masterlock that requires a key to open it. We use FEDEX to ship these turtles. Each major city has hundreds of servers and hundreds of tapes that get sent out daily to the data recovery sites. Quite a few end up "missing" or "lost." People see these turtles and probably think it's money or something of value inside, but when they get it home to break into it all they get are stupid DLT or LTO tapes that they can't do anything with it. Most people or even computer nerds couldnt get access to the data tapes if they tried. Almost everyone uses LTO tapes and more than likely they use Veritas Netbackup to do the backup of data. A common thief wouldn't have a $3-4K LTO scsi drive and they also wouldn't have the power to setup a Veritas master server to do a "restore" of the data. And on top of all of that, they would need a catalog tape from Netbackup to tell the server what serial # tape has what data from what day and from what server. So in other words, if someone stole a data tape, they would need the catalog tape that tells Netbackup what that tape contains. What does this all mean? Your average Joe, who would steal or find this data tape couldn't do shi1t with it if he or she even tried too. FYI, I bank with a credi union and not with BOA. Pretty sad.

Edit: When I say "lost." I don't mean one tape gets lost but a "red tub" will get lost. We use two different red tubs. One hold 10 tapes while the other holds 20 tapes. If some of you don't know, the LTO tape we use can hold 200 GIG of data per tape. There is no way any company can transmit that much data/info daily to an offsite data recovery center from every bank site. BOA has thought of it but the bandwidth and time involved was way to expensive to get the links big enough on both sides and to purchase data silo's to hold hundreds of terabytes of data.

dweick said:ciba said:BankruptThem said:
2) I want to know why they are transporting such highly sensitive data (account numbers with social security numbers) in such a casual, sloppy way.


I'm curious what you would suggest as a good way to ship sensitive data. I would not think it to be unreasonable to argue that DHL is more secure than the USPS, but how many people mail tax returns?

USPS Registered Mail

Encrypt the data, if you can't encrypt it then at least put it in packaging that is tamper resistant so you can tell if someone mucked with it in transit.

What good would a tamper resistant seal do if the tapes never showed up? Also, for all we know this procedure may have already been in place.

You would really consider shipping this critical data through our nation's postal service? I think we have all heard stories about envelopes/packages being lost for great deals of time, or for good.

I think a better means of transportation and encryption of data are both in order here. ABN Amro was caught with their pants down. Just my thoughts.

Ouch - I agree that 3 months isn't enough but they'll probably increase it if more people complain or if they see misuse of the lost info

DHL will probably take a hit with their business accounts - saw on the news that DHL said that "there was no error on our part and all procedures were followed" lol so where's the tape at then?

Well.. it has happened to Citi and BoA this year as well, through different carriers, so undfortunately it's not uncommon.

Encrypting would only delay a determined thief, not stop them, as would using LTO tapes vs DLT. The drive may be more expensive, not not all that expensive compared to the possible rewards.

I urge everyone to sign up for the free 90 day credit monitoring, even those that are not customers of ABN AMRO.

The website is:

www.truecredit.com/entry/GCEntry.jsp

The gift certificate code is: AAMG-DGJG-BKKB-XFRB.