As reported a few weeks ago, there was a physical break-in at a facility that services student loans.
It turns out some safes were stolen that contained hundreds of CDs & DVDs with backup information on them.
These backups contained personal data from folks who had student loans that were being serviced by this company.
Well, the police found the safes.
The safes were pried open, but the CDs & DVDs were left behind… apparently the thieves were (fortunately) too dumb to realize the value of what was on the disks.
Then, these safes and disks sat in the police evidence room for weeks as nobody knew what they had.
This is excellent news for everyone involved.
The loan servicing company can feel better as:
- The data was recovered and not accessed
- It shows they were doing things mostly correctly
- They won’t have to pay for credit checks on all of those files
The loan recipients can feel better as their info was not stolen after all.
What is the lesson here?
Follow “best practices” and chances are things will work out for you.
That these disks were locked in a safe is excellent, but it does show that you must be concerned not only about hackers, but also about ordinary thieves.
The other thing this business should have done, and you should do if you keep any digital archives on your property, is password-protect or encrypt all of the data.
If you encrypt all of your data, you fall under “Safe Harbor”, which essentially says: I’ve done everything reasonable to protect this data, and if somebody does steal the disks, the chances they can actually read the data are minimal.
Make sure you have a company policy on encrypting data…and follow that policy.