Backup Tapes Stolen From NYPD
So what lessons can we learn from this? Encrypt your backup tapes. I'll keep telling you this till I stop seeing these stories come up.
March 7, 2009
4:50 PM -- If you think your physical security is good enough to keep your company from having to alert your employees, customers, and the media because your backup tapes containing their Social Security numbers, mothers' maiden names, and other personally identifiable information have gone out of your control, let today's news from the New York Police Department disabuse you of that opinion.
The communications director of the NYPD pension fund, Mr. Anthony Bonelli, stands accused of stealing eight backup tapes from the fund's disaster recovery site on Staten Island. Note that Mr. Bonelli -- as communications director and not an IT guy -- had no valid reason to be at the DR site and was not authorized to go there.
While he was there, he disconnected a surveillance camera and made off with the tapes. Despite being associated with what is one of the best law enforcement agencies in the world, the pension fund apparently had Larry, his brother Darryl, and his other brother Darryl watching the monitors: Bonelli was caught only after making suspicious comments at work, and the disabled camera was discovered only when crack technicians were dispatched to the DR site/warehouse.
He was charged with computer trespass, burglary, and grand larceny. Bail was set at $2 million.
A letter sent to the 80,000 current and former members of New York's Finest, a sample of which is available here (pdf), informs them of the breach and that the fund is providing one year's identity theft detection services from Equifax. It also says that officers hired after May 2007 shouldn't worry because backup tapes made after that date were encrypted.
Lest you think this is an isolated incident, the Ponemon Institute "Jobs at Risk = Data at Risk" survey of 945 individuals who were laid off, fired, or quit their jobs in the past 12 months indicates that 59 percent admitted to stealing company data and 67 percent used their former company's confidential information to leverage a new job.
So what lessons can we learn from this?
Encrypt your backup tapes. I'll keep telling you this till I stop seeing these stories come up.
Physical security isn't enough. The NYPD is pretty good at physical security.
Once you do start encrypting tapes, review why you're keeping old unencrypted tapes around. Archive the data -- don't just keep old backup tapes for years "just in case."
Howard Marks is chief scientist at Networks Are Our Lives Inc., a Hoboken, N.J.-based consultancy where he's been beating storage network systems into submission and writing about it in computer magazines since 1987. He currently writes for InformationWeek, which is published by the same company as Byte and Switch.