Data Tape On 650k Customers From 230 Retailers Is Missing

Today GE Money reported that a data tape containing personal information on 650,000 customers from “about 230 retailers including J.C. Penney Co” is missing. Social Security numbers for about 150,000 customers were also on the tape. It was “being stored at a facility operated by Iron Mountain Inc, an information protection and storage company,” but there’s no evidence currently that it was stolen—it may just be sitting somewhere in a vast matte-painted warehouse like the Ark of the Covenant. However, it may also be the source of the recent wave of ID theft issues we’ve noticed.

Iron Mountain says it’s been missing for a while, but that even if it was stolen it should be hard to access data on it:

In a statement, Iron Mountain said it notified GE Money of the missing tape in October, and added that there has been no evidence suggesting that the identity of any person had been compromised.

“We believe this is an unfortunate case of a misplaced tape,” Iron Mountain’s statement said. “We also understand the tape was created in such a manner to make unauthorized access extremely unlikely and difficult, even for experts with specialized knowledge and technology.”

GE Money isn’t naming the other retailers whose customers were on the tape, but they did say, “It’s many of the large national retailers as well as some smaller regional ones.” They say they’re mailing letters out to everyone whose name was on the tape, and offering a year of free credit report monitoring to those whose SSNs were included.

Data Lost on 650,000 Credit Card Holders [AP]

RELATED
“Major Retailer’s Data Breach Results In Wave Of Credit Card Fraud”
“Shenanigans With Chase Credit Cards?”
(Photo: Getty)

Comments

Edit Your Comment

  1. jeff303 says:

    What if the contact info they have for someone is out of date? How will that person ever find out they are affected?

  2. f0nd004u says:

    How big are these tapes, exactly? A size that’s hard to lose?

  3. rhombopteryx says:

    “They’re mailing letters out to everyone whose name was on the tape,…”

    Oh yeah? Everyone? Prove it.

  4. ecwis says:

    Iron Mountain lost a bunch of data AGAIN?

    hmm….

    They lost my information in October and refuse to provide a credit monitoring service or any help whatsoever, even though it was due to “employee error”.

    [blog.nola.com]

  5. youbastid says:

    Sweet, free credit monitoring for a year! So you’ll let me feverishly scour my credit reports daily because you effed up and I don’t even have to PAY for the honor? Truly remarkable.

    You know what else is remarkable? If the tape was indeed stolen, I’m pretty sure whoever did it is smart and/or patient enough to hold off for a year.

  6. jerros says:

    Many of the standard tape sizes used these days are of the DLT size which is aproximately the height & width of a 5.25″ floppy disc. They are relatively thick though. One disc can store around 300 gig of information uncompressed, and around 600-900 gig of information compressed.

    For the amount of data these tapes can store we are probably talking about 1-5 tapes. The company I used to work for used Iron Mountian for data storage, they are a very reliable company and for the most part handle the data and storage like an armored truck carrier. Any time tapes were lost it was usually on our end and not Iron Mountians end, Though I could easily imagine a box of backups getting the wrong label and being stored in the wrong location in iron mountians storage facilities.

  7. catcherintheeye says:

    @jerros: This is the second time Iron Mountain has lost tapes during my company’s tenure as their customer, we ship about 16 tapes a month to them.

    Anyone else an Iron Mountain customer? This doesn’t sit terribly well with me, but there’s a real lack of better options given their service is generall good, and like Jerros said, missing doesn’t necessarily mean gone/stolen, and it could be the customer’s fault.

  8. NotATool says:

    I’ll be checking my credit cards daily for strange activity. It would be helpful to know who the affected retailers are, so that us consumers know if we need to worry…

  9. Sudonum says:

    Question: I do not have an account at JC Penny (or any other retailer). I may have purchased something from there within the last 5 years (not bloody likely though)using an AMEX card. Could it be possible that they, or any other retailer where I don’t have accounts, but have shopped, would have my SSN on file somewhere?

  10. youbastid says:

    @Sudonum: Since the article states that only 150,000 ssn’s were on the tape, but the data of 650,000 people may be compromised, I’m gonna guess the majority of data on there is from transactions – which includes card number and pin info, if it was paid by debit. That’s what you should probably be concerned about.

  11. MightyPen says:

    Hmm.

    This seems like a good reason to close my store cards that have zero balances.

    Any one know if all accounts are affected, or just ones that were engaged in transactions over a certain timeframe?

    We have a few store cards that we have forgotten about that are a few years old…

  12. nutrigm says:

    OH CRAP!

  13. Amry says:

    @youbastid:

    I’m thinking that since it sounds like this was GE Money’s information, there would only be private label store card information on the tapes. They’re the bank that many retailers do their store cards through – not a holding tank for general transaction information that would include debit card numbers and the like.

  14. youbastid says:

    @Amry: Ah, I misread when they said “GE Money reported…” I just took “GE Money” to be a financial news branch of sorts, a la CNBC.

    But why were there only 150k SSN’s tied to the info I wonder?

  15. econobiker says:

    @youbastid: The SSNs were probably in store credit card application info or such. Rest of the info was people who shopped there and used a card.

    Got to love all of this info floating around, not only for criminals to snatch, but also for firms to data mine….

  16. strathmeyer says:

    @f0nd004u: “How big are these tapes, exactly? A size that’s hard to lose?”

    Indeed, it’s almost as if someone should come up with some sort of system to keep track of things…

  17. ahwannabe says:

    I worked for Iron Mountain for a little while, and all I can say is, it would be a bit tricky to steal something from them, but ridiculously easy to stick something in the wrong box. It really does look a lot like the warehouse in Raiders.

  18. Sudonum says:

    @youbastid:
    There are only 2 places I use my debit card, at my banks ATM and the grocery store.

  19. polyeaster says:

    I may be missing something here, but how do ssns play into this? How would JC Penney have my ssn? CC, I can understand, but ssn?