Data leaks occur when data storage managers, who increasingly face budget constraints, sell or give tape cartridges containing company data to a reseller who claims to erase or destroy the data. The reseller often "recertifies" the cartridges without fully erasing the data then sells them back into the market. In many cases, the data storage manager is unaware of this practice as it is these cartridges that often contain confidential company and customer data.
Imation has determined through its testing that many tape cartridges, especially those with magnetic servo tracks, cannot in fact be completely wiped clean. With today's high-capacity cartridges, significant amounts of data may be left intact and exposed to unwanted breaches. A typical tape cartridge can store hundreds of gigabytes of data, with the most current high-end cartridges holding up to a terabyte of data. An estimated one million cartridges are "recertified" each year.
While the practice of reselling used tape was established to mitigate budget constraints, the costs associated with data breaches can far outweigh any savings. According to industry analysts and others who study the financial, security and reputation risks of data breaches, the cost to companies resulting from the failure to protect data is growing each year. In a 2006 report from the Ponemon Institute (2006 Annual Study: Cost of a Data Breach) the average cost to companies per lost customer record as a result of a data breach is $182. Multiply this by the thousands of individual records that may remain on improperly retired used data storage products, and the financial risk to these companies becomes apparent.
According to the Privacy Rights Clearinghouse, as of early October 2008, more than 245 million personal records have been exposed as the result of data breaches in the last three years alone, and that number is on the rise. In addition, the Ponemon Institute study found that more than 90 percent of data breaches occur in digital form and the costs associated with data loss are rising into the billions of dollars each year.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.