An IT executive from a Canadian marketing business stands accused of stealing a computer backup tape that holds the personal details of 3.2 million customers, which if sold on the lucrative black market could make as much as $10 million.
The man accused of the crime is one Nick Belmonte, the (now) ex-vice-president for C-W Agencies, who are based in Vancouver. He asked one of his employees to deliver three backup tapes to his office for copying, however only returned two of them when the employee went back for them.
The details stolen not only include names and addresses, but also credit card details and the banking information of around 800,000 customers. Belmote was accused of the theft, and promptly went on leave.
“The information in the customer library is highly confidential to the plaintiff and its clients,” a C-W executive wrote in to the courts. “If the customer library data is sold, it cold have a devastating effect on CW’s business and that of CW’s clients worldwide.”
To this point its unclear how many of the company’s customers have been informed of the data theft. In America businesses must inform its customers of any threat to their data, so one would assume that it’s the same in Canada. However, executives have known of the theft since November 4th.
This sheds light on areas in businesses that do not guard our data properly. Banks and the National Health Service are expected to follow stringent rules on data security, but low level marketing companies and other ‘media’ businesses tend to be a bit less security conscious.
In related news, a hi-tech credit card from a company called CryptoCard has designed new security measures in an effort to cut down on credit card fraud.
The CD-1 Credit Card Display token uses two-factor authentication to safeguard against online fraud, namely phishing scams. The company wants to develop the technology further so that it may provide more watertight security for customers using their cards online.
Cardholder Not Present (CNP) fraud, is becoming more common, so the new card, which combines a payment can and authentication, is due to ship at the start of 2009. CryptoCard said that the new card is already being tested in a number of banks across Europe and the Middle East.
The company’s chief executive, Neil Hollister, said that the card “integrates long-established key-fob token two-factor authentication technology into a credit card”.
Users have to press a button on the card to receive a one-time password, that when used with a traditional PIN code, will be used to authenticate access to their online backing accounts via a back-end authentication server. The server technology can be built in to bank call centres to allow for phone customer verification.
CrytoCard’s technology will sell for around $30 each, which is much less than the Emue designed Visa card currently being trialled by many banks across the world.
Emue cards can digitally sign transaction, and a designed to replace passwords and the “Verified by Visa” scheme when customers buy something online. The digital signature would cut the chances of fraud dramatically.
Emue are lucky enough to have Visa working with them, so they have a distinct advantage in the credit card designing industry right now. Hollister argues that in this economic climate, and with people worried about spending money, there is room for his company.
CryptoCard’s Hollister said: “I don’t want to criticise to technology of Emue card but it’s too expensive for the extra benefit it offers. I don’t expect you’ll see large volumes. It’s further up the technology curve than banks want to go.”
C-W Agencies CEO, Gloria Evans, contacted us to “set the record straight” on some of the issues in the above article.
“We noted your interest in recent events at our company and wanted to provide the correct facts:
- The tape stolen from our premises on Nov. 4 has been recovered.
- The recovered tape is being examined by forensic experts who will determine whether the information has been accessed.
- Because of encryption, the requirements for specialized equipment, knowledge and facilities, it is our hope that the data has not been compromised.
- We informed our customers of the theft immediately.
- The criminal and civil matters that have arisen from this situation are before the courts and we cannot comment further.
“We are determined to protect our data and are very confident we are taking all reasonable measures to ensure the security of our customers. Our ability to protect our customer data is at the core of our ability to sustain our company. “