News coverage of past data disasters that have resulted in the loss of millions, sometimes billions of dollars, has succeeded in lessening the number of such disasters. Increasingly, both companies and individuals are taking the necessary steps to protect and backup their data. Yet despite the increasing number of people utilizing professional data management services and instituting best practices within their organizations, data disasters can still happen. Inspired by Kroll Ontrack’s blogpost, I bring you my own take on some of the worst data disasters from this year.
Worst data disasters
One such example is that of British Columbia’s Minister of Education who misplaced a hard drive that contained sensitive information, information that wasn’t encrypted. Information compromised by the data security breach included student records, exam results and even custody orders and health information, information with the potential to have far reaching negative effects on individual lives. Identity theft and job discrimination are just two of many possibilities of such a breach.
The breach cost thousands of man-hours in additional labor, as a 50-member team searched hundreds of boxes for the missing hard drive, a similar one, also unencrypted, having been found the previous month. In addition, a costly investigation into security practices was launched, and the incident was called the biggest breach in the government’s history, with potentially every citizen between the ages of 22 and 47 being affected in some way.
Another big data breach in 2015 was that of CareFirst BlueCross Blue Shield, in which the names, birth dates, and email addresses of 1.1 million members was compromised. Fortunately, and wisely, in that case, other more potentially damaging and personally sensitive information such as Social Security numbers, and financial data had been encrypted. Unfortunately, the insurer Premera Blue Cross Blue Shield reported a larger breach in March affecting 11.2 million subscribers as well as other business associates. Information compromised in that breach included Social Security numbers and bank account information as well as home addresses. Tragically, the breach occurred even after the company had been warned of vulnerabilities within their IT system.
Penn State University was one of eight educational institutions that suffered data breaches this year, a list which even included Harvard University. More disturbingly, even government agencies responsible for protecting national security were affected by data breaches in 2015. For example, the National Guard suffered a breach as the result of a third-party contractor that compromised the personal information of up to 850,000 current and past members.
Some data breaches can have far-reaching international political consequences. For example, a breach at The Hacking Team, a company that develops spy tools for government agencies published over 1 million emails that revealed its own involvement with oppressive governments. The case prompted the secretary of the United Nations to declare that since”… such software is ideally suited to support military electronic intelligence (ELINT) operations, it may potentially fall under the category of ‘military … equipment’ or ‘assistance’ related to prohibited items.” This decision resulted in the Italian government froze all Hacking Team exports due to human rights concerns.
Most data disasters suffered by individuals aren’t as far-reaching, but can still be equally personally devastating. Fortunately, potential full-blown disasters can often be averted with professional assistance. For example, while undergoing building renovations, a small German company’s server room was covered in dust, so the servers were moved to another location without air conditioning, which caused the server to overheat. Despite the damage to the system caused by overheating, 99% of the data was recovered.
The data loss case of an individual who had been using a 1992 Amiga 600, a treasured childhood gift that contained decades of treasured memories, until it reached the end of its natural life was not cause for international concern. However, the successful recovery of all the data it contained at its time of death did prove to be a cause for personal celebration and relief by its owner. Similarly, the case of a man running over his smart phone with a lawnmower after it had fallen out of his pocket while doing yardwork is probably one that most of us can more easily relate to. The loss of personal contacts and text messages can be traumatic. Data recovery professionals can minimize, or even eliminate, the potentially traumatic effects of a data breach, whether on businesses, governments, or individuals.