O2 suffers data breach


5 December 2012

Mobile operator O2, a brand of Telefonica, has announced that it has suffered a potential data breach through the loss of a data back-up tape.

The mobile operator said that its IT support partner IBM had informed it in the "summer of 2012" that a "tape used for routine daily IT back-up work" had been misplaced in September 2011.

In a statement, O2 said that as the tape was "unaccounted for", it was possible that it was simply "misplaced" and still within a "secure location in O2".

 


The statement confirmed that the office of the Data Protection Commissioner had been notified and that the company had been working closely with that office.

O2 said that it believed that the risk to customer data privacy was low, despite the fact that it confirmed that the content of the specific data back-up tape was unknown.

In a FAQ on the issue, O2 states that the tape is part of a set of "daily back-ups" that contained a snapshot of "data at a particular moment in time, including files from O2’s internal corporate drives", but was not more specific. It goes on to say "while it is possible that it could contain some personal data, it is more likely that it simply contained information about O2’s normal business affairs and company information".

It concludes by saying, "As a result we believe there is a low risk to customer data privacy".

The FAQ also confirms that the data was unencrypted, but says that the data contained was in a "format that is not accessible to someone trying to access it and requires specialist technology to extract any readable information from it".

Despite the assurances from O2, difficult questions have already been asked.

In a blog post, prominent information security expert Brian Honan of BH Consulting asked "Why does O2 not know what was on the tape?", pointing out that most back-up systems will include details about what is to be backed-up over a set of media.

Honan goes on to ask why the tape was not encrypted, why it took so long for IBM to notify O2 and why it took O2 so long to notify customers of the potential breach and risk, however low.

O2 offered its sincere apologies in the statement, and says in the FAQ that this kind of incident has never happened before.

It also states: "We also want to reassure customers that stringent measures have since been taken to ensure such an incident does not happen again."

 

TechCentral Reporters


TechCentral.ie