Hidden risks show up in normal business processes

Incidents such as the data security breach disclosed last week by The Boston Globe and the Worcester Telegram & Gazette—which inadvertently attached the credit card numbers of more than 200,000 subscribers to newspaper bundles—highlight the unexpected ways in which sensitive information can leak out of companies.

The data exposure by the two newspapers hammered home yet again the need for businesses to implement comprehensive policies for securing their information assets and then apply the appropriate controls to mitigate the risk of accidental compromises, according to security analysts. IT and security managers need to start thinking beyond network and system defenses.

The Globe and the Telegram & Gazette, a sister publication in Worcester, Mass., announced that discarded internal reports containing the full credit card numbers of as many as 240,000 subscribers were reused to produce more than 9,000 routing slips for bundles of the Jan. 29 Worcester Sunday Telegram. The bank-routing information of about 1,100 Telegram & Gazette subscribers who pay by check may also have been exposed when the newspaper bundles were sent to retailers and carriers.

CATEGORIES : 1disclosure, 1victim, 1best practices