If it's Friday, it's time for another embarrassing case of companies losing data containing sensitive personal information. This time it's financial titan J.P. Morgan Chase, which tossed away five computer tapes containing data on holders of Circuit City credit cards, co-branded and sponsored by Chase.
Chase Card Services, the financial giant's credit card division, is currently notifying 2.6 million current and former Circuit City cardholders that "human error" caused the tapes to be mistakenly thrown out in late July.
Chase claims the tapes may have been destroyed and buried in a landfill, and is currently investigating to determine their ultimate fate.
In a public statement, Chase Card Services CEO Rich Srendicki expressed his regret at the mistake.
"We have found no evidence that the tapes or their contents have been accessed or misused. The privacy of our customers' personal information is of utmost importance to us, and we take the responsibility to safeguard this information very seriously," he said.
Chase discovered the incident during a regular systems audit in July, and had been monitoring affected accounts since then. Neither Srednicki nor other Chase officials revealed where the breach took place, or why the public and media were not notified until mid-September.
Nor was any information provided as to whether or not the data was encrypted or protected in any way.
Techworld's Chris Mellor called the Chase incident "an amazing display of incompetence."
Circuit City did not offer a statement regarding the loss, but a spokesman told Reuters that it was essentially Chase's problem.
"We certainly empathize with the affected cardholders, but this is a business that is administered by Chase," they said.
Although hackers and phishers represent serious threats to the safety of personal data, the number-one cause of identity theft and fraud is still the loss or theft of physical files or documents containing consumers' personal information.
Enterprising thieves "dumpster dive" for shredded credit card offers, laptop and desktop computers get stolen, and companies lose security tapes containing all manner of identifying information.
Blockbuster was criticized for tossing thousands of membership applications containing valuable personal information, including addresses and Social Security numbers, in trash bags on the sidewalk when it shuttered a New York City store in October 2005.
The Boston Globe and the Worcester Telegram-Gazette distributed the credit card information of over 240,000 subscribers to the public when they recycled internal reporting slips and packed them with their newspaper bundles.
And the list of consumers endangered by the theft of computers or storage devices containing sensitive, unencrypted, identifying personal data stretches into the tens of millions.