What is a data spill?

From ScenarioThinking
Revision as of 18:20, 22 April 2008 by Gvalaouras

Data spill is a somewhat ironic term, derived from phrases such as oil spill and toxic or hazardous waste spill, for the unintentional release of secure information to an insecure environment. Other terms for this type of incident include data breach and data leak.

Data spills include incidents such as: the theft or loss of digital media (computer tapes, hard drives, or laptop computers containing such media) on which the information is stored unencrypted; posting the information on the World Wide Web, or on a computer otherwise accessible from the Internet, without proper information security precautions; transfer of the information to a system that is not completely open but is not appropriately or formally accredited for security at the approved level, such as unencrypted e-mail; and transfer of the information to the information systems of a possibly hostile agency, such as a competing corporation or a foreign nation, where it may be exposed to more intensive decryption techniques.

For example, in January 2008, GE Money, a division of General Electric, disclosed that a magnetic tape containing 150,000 social security numbers and in-store credit card information from 650,000 retail customers was known to be missing from an Iron Mountain Incorporated storage facility.

Sources:
http://en.wikipedia.org/wiki/Data_spill
http://www.informationweek.com/news/showArticle.jhtml?articleID=205901244