It would be funny if it wasn’t such a costly mistake, but a stolen Christmas stollen led to a huge data security fiasco for Landesbank Berlin and its contractor, Atos Worldline.
From what I can piece together from a few news stories and a Google translation of a story in today’s Frankfurter Rundschau, it seems that a company in Stuttgart wanted to send a Christmas stollen (a type of cake) to the editor of the Frankfurter Rundschau newspaper, and arranged to send it by a courier service.Â Â Also in the courier’s vehicle were packages containing bank customer data being shipped from AtosWorldline to the bank.Â The six packages contained receipts and microfiche strips with names, addresses, account information, credit card transactions, and PIN numbers.
Two of the courier’s employees apparently helped themselves to the stollen, and then trying to cover up their petty theft, just grabbed another package and attached the label for the newspaper to that package. And thus, a bag with data on what by today’s estimates are 130,000 people wound up in the newspaper’s offices.
With the stollen having hit the fan, so to speak, and police and everyone investigating, the two courier employees eventually confessed.Â But the situation has raised a real security stink for the bank, who only months before had reported increased credit card fraud.Â Why were the data sent in six packages with such casual security instead of being securely transmitted electronically?
This breach will cost Landesbank Berlin, Atos Worldline and the courier service dearly in terms of costs and reputational harm.
It also reminds us that when it comes to data security, we are totally doomed.Â With the economy in a dive, we are seeing more warnings about insider theft of data. In this case, the insider theft was of cake and the data loss was just incidental to that heinous crime. Add THAT to your next cautionary press releases, folks!