AMR notifies 79,000 employees about stolen hard drive
Discussions of end-of-service data retirement practices involve terms such as “sanitization” and sometimes “crushing”. They don’t seem to be nearly as cool as working against cyber attacks and encryption technology. Nevertheless, the damage caused by losing physical storage media that hasn’t been purged of data is just as great.
Witness recent challenges at American Airlines parent AMR, now engaged in the unenviable task of notifying 79,000 current and former employees of a significant data breach. The cause: loss of a hard drive containing private employment records from the years 1960 to 1995. According the company, the some of the records contained financial information, and may have also included health insurance information concerning coverage and treatment.
In addition to the cost of notifying employees, the company is providing a year of free credit monitoring.
Not to belabor the obvious, but the cost of purging the hard drive would have been far far less than the expense that have now been incurred.
