Five data leak nightmares

When Home Depot lost a laptop containing personal information on 10000 employees, it was just the latest in a string of high-profile data-leak incidents.

Data breaches cost companies an average of US$197 per record in 2007, according to a study by the Ponemon Institute. The average cost of a data breach was US$6.3 million, up from US$4.8 million in 2006.

And that just covers direct costs. A well-publicized data breach can also translate into lost business opportunity to the tune of US$128 per leaked customer record, according to the Ponemon study. No wonder companies are rushing to shore up their defenses against data leakage.

In this package of stories, we will describe the five worst data leak nightmares, chronicle the rapid consolidation in the data leak market, profile five key data leak companies and interview a leading expert in data loss prevention.

Nightmare 1: Film at 11A high-profile data breach can cost your company millions. Just ask TJX.

When The Home Depot lost a laptop containing personal information on 10,000 employees, it was just the latest in a string of high-profile data-leak incidents. The Veterans Administration, TJX,, Fidelity National Information Services, Pfizer, AOL, Ameritrade -- the list goes on and on.

This nightmare gets much worse if you are at fault and not simply a victim of hackers. Consider one of the most publicized data-leak victims: TJX. The attack was certainly the fault of hackers, but according to Carol Baroudi, research director, security technologies for Aberdeen Group, TJX must shoulder some responsibility.

"TJX should never have stored magnetic stripe information in their databases," Baroudi says. "It was a flawed storage policy. They didn't even realize they were putting personal information at risk."

Worse still, TJX didn't discover the breach. Visa did. The TJX breach has gone from a bad dream to a recurring nightmare, with the company hit by lawsuit after lawsuit, the latest one being an October court filing by credit card companies alleging that the breach hit 94 million credit cards, twice as many as TJX has acknowledged.

Another example is AOL. The AOL data leak wasn't the result of bad policy, but rather of good (albeit misguided) intentions. At the time of the leak, AOL had a nascent research site to which it posted users' search histories to spur further research. This move inadvertently exposed the Web surfing habits of many users.

Yes, AOL kept its users' identities secret, but anyone who bothered to dig into the nitty-gritty details of those searches could figure out who was browsing for what, since people often search for themselves, close friends, their hobbies, organizations they belong to, and businesses near them.

AOL employees didn't intend to harm the organization, but these unintentional incidents can be just as bad -- if not worse -- as malicious ones.

Nightmare two: Messaging misfires

Not protecting e-mail can lead to serious data leak problems

George Washington University (GWU) Hospital came close to a data leak that could have had national security implications. Vice President Dick Cheney was scheduled to visit the hospital, and the Secret Service attempted to send a risky unencrypted e-mail that could have compromised his safety.

"The Secret Service sent an e-mail to those coordinating the visit to inform us about which route they would take through the building, including which elevators," says Amy Hennings Butler, assistant director, security systems operations at George Washington University. "In our opinion, that kind of sensitive information should not be sent through the Internet -- especially as a clear-text e-mail."

GWU dodged this data-leak bullet because it had previously installed a data-leak prevention (DLP) product from Reconnex, which triggered an alarm. The DLP system responded to some of the text, as well as the lack of encryption, which allowed IT administrators to block the message. The agent who sent the e-mail most likely violated the Secret Service's own data security policies, but it was the university's security that caught it.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeff Vance

Network World
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?