As a leader in a growing business, you understand how important it is to keep your data secure. The real question: Why don’t some of the world’s biggest corporations have this same understanding? In fact, some of the best-known companies have had some of the most astounding breaches of security managable. Here’s a list of what I think are the five worst offenders:
OFFENDER 1: CITIGROUP. In 2005, Citygroup made news when they revealed that their carrier, UPS, had lost the personal data of nearly 4 million consumers. While 50,000 of these had already closed their accounts, the vast majority still had active accounts. Contained in these records were the consumers’ names, social security numbers, loan information and account history. Seven years later, the data still has not been recovered.
OFFENDER 2: CARDSYSTEMS SOLUTIONS. This one also happened in 2005 (a really bad year for data security). In January, CardSystems announced that the Visa, Mastercard and American Express card numbers of 40 million customers had been compromised. This was the result of a hacker’s use of a malicious computer script. Following an investigation, regulators found that CardSystems was not complaint with security standards within the industry.
OFFENDER 3: U.S. DEPARTMENT OF VETERAN AFFAIRS. I suppose it’s no real surprise that even the U.S. government has had an egregious data-security breach. In this case, in 2006, a Veterans Affairs employee took home a laptop computer without proper authorization (but without being stopped). On the laptop: The personal data of more than 26 million people who had been discharged from the military since the mid-70s. Think it’s bad enough that the laptop was taken home? It gets worse. Once the laptop was in the employee’s home, it was stolen by a burglar, giving the criminal access to names, birth-dates, and social security numbers.
OFFENDER 4: AOL. Somewhere between March and May 2006, the Internet giant AOL accidentally made 20 million keyword searches public. These searches had been performed by several hundred thousand users who had no idea that their searches were going to be exposed. At first, AOL said that no personal identification information had been compromised. That was the official story until an editor for TechCrunch, Michael Arrington, revealed the data and told us that these keyword searches had contained social security numbers, credit card numbers, and even private individuals’ physical addresses.
OFFENDER 5: TJX COMPANIES. The parent company of retailers such as TJMaxx, AJWright and Marshalls announced in January 2007 that an “unauthorized intrusion” into its networks had revealed more than 100 million customer records. Fortunately, the person behind this breach was caught and given a five-year prison sentence.
The important lesson here, of course, is that nothing is more important to your customers than feeling that they can trust you when they give you their account information. And since your customers keep your business alive, you owe it to them to make their data security one of your top priorities.