Backup Tapes Stolen From NYPD

So what lessons can we learn from this? Encrypt your backup tapes. I'll keep telling you this till I stop seeing these stories come up.

Howard Marks

March 7, 2009


4:50 PM -- If you think your physical security is good enough to keep your company from having to alert your employees, customers, and the media because your backup tapes containing their Social Security numbers, mothers' maiden names, and other personally identifiable information have gone out of your control, let today's news from the New York Police Department disabuse you of that opinion.

The communications director of the NYPD pension fund, Mr. Anthony Bonelli, stands accused of stealing eight backup tapes from the fund's disaster recovery site on Staten Island. Note that Mr. Bonelli -- as communications director and not an IT guy -- had no valid reason to be at the DR site and was not authorized to go there.

While he was there, he disconnected a surveillance camera and made off with the tapes. Despite being associated with what is one of the best law enforcement agencies in the world, the pension fund apparently had Larry, his brother Darryl, and his other brother Darryl watching the monitors: Bonelli was caught only after making suspicious comments at work, and the disabled camera was discovered only when crack technicians were dispatched to the DR site/warehouse.

He was charged with computer trespass, burglary, and grand larceny. Bail was set at $2 million.

A letter sent to the 80,000 current and former members of New York's Finest, a sample of which is available here (pdf), informs them of the breach and that the fund is providing one year's identity theft detection services from Equifax. It also says that officers hired after May 2007 shouldn't worry because backup tapes made after that date were encrypted.

Lest you think this is an isolated incident, the Ponemon Institute "Jobs at Risk = Data at Risk" survey of 945 individuals who were laid off, fired, or quit their jobs in the past 12 months indicates that 59 percent admitted to stealing company data and 67 percent used their former company's confidential information to leverage a new job.

So what lessons can we learn from this?

  • Encrypt your backup tapes. I'll keep telling you this till I stop seeing these stories come up.

  • Physical security isn't enough. The NYPD is pretty good at physical security.

  • Once you do start encrypting tapes, review why you're keeping old unencrypted tapes around. Archive the data -- don't just keep old backup tapes for years "just in case."

Howard Marks is chief scientist at Networks Are Our Lives Inc., a Hoboken, N.J.-based consultancy where he's been beating storage network systems into submission and writing about it in computer magazines since 1987. He currently writes for InformationWeek, which is published by the same company as Byte and Switch.


About the Author(s)

Howard Marks

Network Computing Blogger

Howard Marks is founder and chief scientist at DeepStorage LLC, a storage consultancy and independent test lab based in Santa Fe, N.M. and concentrating on storage and data center networking. In more than 25 years of consulting, Marks has designed and implemented storage systems, networks, management systems and Internet strategies at organizations including American Express, J.P. Morgan, Borden Foods, U.S. Tobacco, BBDO Worldwide, Foxwoods Resort Casino and the State University of New York at Purchase. The testing at DeepStorage Labs is informed by that real world experience.

He has been a frequent contributor to Network Computing and InformationWeek since 1999 and a speaker at industry conferences including Comnet, PC Expo, Interop and Microsoft's TechEd since 1990. He is the author of Networking Windows and co-author of Windows NT Unleashed (Sams).

He is co-host, with Ray Lucchesi, of the monthly Greybeards on Storage podcast, where the voices of experience discuss the latest issues in the storage world with industry leaders. You can find the podcast at: http://www.deepstorage.net/NEW/GBoS
