September 22, 2019

September 20, 2019

Subscribe to Latest Legal News and Analysis

Data Breach at Gunpoint

You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case.  Last month, a person held a Kmart employee in Little Rock, Arkansas at gun point and ordered him to open the store’s safe.  The perpetrator ran off with the safe’s contents, including almost $6,000 and the day’s backup disk.

The next problem for Kmart (or maybe the first problem)?  The backup disk was not encrypted or password-protected.  The Chicago Tribune reports that information on the disk included confidential information relating to prescriptions including, names, addresses and medications prescribed for almost 800 customers.  According to another news source, parent company Sears says that “certain prescriptions also contained the customer’s social security number.”

Kmart spokesperson Shannelle Armstrong-Fowler said there was a “slim to none” chance of the thief accessing information on the disk because he would need to know what software package Kmart uses and have that software, but, FierceRetail asserts that it would not be that difficult to extract information from the disk by using a hex dump utility.   According to StorefrontBacktalk, the initial police report did not reference the missing data disk, and Little Rock Police said no updated report had been filed. Such an updated report would have been filed had Sears contacted police to update the list of what had been stolen.  Read more details here.

This breach underscores the importance of implementing layers of security.  Using strong encryption and passwords in addition to locking the media in a safe would have provided greater security to customer information and saved Kmart some angst.  Are you utilizing the right security to protect your sensitive information?  Unsure?

©1994-2019 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

The frictionless flow of information is a defining feature of today’s information economy. Your organization’s ability to transfer customer data, employee files, financial records, and other information around the country or the globe quickly and cheaply has opened a world of new opportunities. Privacy laws vary by jurisdiction and are interpreted unpredictably, and even if your business is extremely conscientious, it can make a false step as it captures, uses, transfers, and discloses personal information. The consequences can be serious and even devastating — heavy...