Backup Tapes With 2 Million Medical Records Stolen 173
Lucas123 writes "A vehicle used by an off-site archive company to transport patient data was broken into on March 17. The University of Miami just made the theft public last week, saying the thieves removed a transport case carrying the school's six computer backup tapes. On those tapes were more than 2 million medical records. In fact, the archive company waited 48 hours before notifying the university itself. A University spokeswoman said the school has stopped shipping backup tapes off-site for now."
Re:yes but what's the value (Score:4, Informative)
What would YOU pay for 2 million social security numbers?
Re:yes but what's the value (Score:5, Informative)
On the black market these days, a full identity (name, SSN, address, bank information, etc) can go for $14 each [washingtonpost.com]. If the tapes had full identities, that's 2 million x $14 = $28 million payday for a bunch of crooks. Even assume a "volume discount" for these guys and they're still in the many million dollar range. Even if it's just name, address, and SSN there's some value on the black market for these tapes.
When you're breaking into a vehicle filled with stuff that looks like computer equipment, it's hard to know whether the data is going to be social security numbers (valuable), credit card numbers (valuable), medical records (valuable if there's addresses and SSNs), or routine corporate records (not all that valuable). Enough data brokers [reputation...erblog.com] are sloppy enough with their security that there's a good chance to get some identity information that has value.
These guys were either extremely lucky or knew exactly what they were doing. Or they're complete idiots who are wondering why these tapes won't play on their 8-track player.
Re:yes but what's the value (Score:2, Informative)
For Example: Alot of people don't want to publically share that they have STDs etc. Especially not if the files are cross linked with a list of their sexual partners.
While sale for identity fraud would most likely be the most profitable, there are alternative uses for this data. Given the enterprising nature of most criminals, this is a gold mine.
Re:*Still* no encryption?? (Score:3, Informative)
Which means the file format could be anything...
I'm just glad they're not our customer. 8-)
Re:*Still* no encryption?? (Score:5, Informative)
1. It works.
2. IBM (assuming they are using IBM kit) mainframes are still being built today, and while they're totally different internally to the systems of 30 years ago, they're still compatible.
3. This is what companies like SunGard and IBM (yes, they have a DR consultancy team) specialise in. You tell them what equipment you'll need in a disaster recovery scenario, they agree to loan it to you. In which case, who cares how old the system is?