Risk Mitigation through Data Destruction
recently released a report containing data breach details of over 10,000 customer records and it didn’t happen in the datacenter, it happened in a dumpster.
In June 2016, a ShopRite Pharmacy on the east coast inadvertently disposed of an old point-of-purchase device that held private customer information. The problem? ShopRite does not know the location of the device, and therefore, cannot account for the sensitive data it contains. Specifically, sensitive healthcare information including, prescription numbers, medication names and date and time of prescription pickup. In addition, data describing full names, signatures, phone numbers, dates of birth, home address and zip codes was also stored on the device. ShopRite later confirmed that the device held the information of customers who had shopped at the impacted location between the years of 2007 and 2013.
Shortly after informing the affected customers, ShopRite publicly announced the breach releasing this official statement, "We have no evidence that any of the personal or medical information from the device has been accessed or misused in any way." However, the chain of custody of the device has been broken and control over the sensitive data it contains has been lost.
ShopRite has responded to the incident by updating its IT Asset Disposal processes; even so, its brand has been negatively impacted as a result of the breach.
Decommissioning out dated technology is a standard practice, however, organizations that do not take the necessary precautions when disposing of IT assets put themselves at risk. A misplaced hard drive or discarded computer can easily end up in the hands of a hacker, even broken and unusable devices act as a treasure trove of confidential information.
To address the risk present in IT asset disposal, MCPc has created a program we call STAD—Secure Technology Asset Disposition. STAD’s mission is to maintain an unbroken chain of custody for IT assets and their onboard data throughout the disposal process.
Do you know where your gear goes once it leaves your office?
Learn more about MCPc STAD