Corporate giant IBM has been touting its services as a data security vendor and consultant in recent years. It was among the companies hired by TJX to investigate the company's breach of 46 million customers' credit and debit card data in late 2006.
So it was a black eye on several levels when the company announced that a contractor had misplaced a data tape containing personal information on an unverified number of current and former IBM employees. The missing data tape contained such information as names, addresses, and Social Security numbers.
The unidentified vendor allegedly lost the tapes in transit to IBM's headquarters in Armonk, New York.
IBM put out an ad in a local paper asking for help in locating the tape, and began notifying affected individuals early last month.
Following the standard response to data breaches, IBM spokespersons said that there was no evidence the data had been misused, but said the company would provide a free year of credit monitoring to all affected individuals.
IBM had just unveiled a new suite of security and compliance products designed to track potential problems and generate compliance with regulatory measures such as Sarbanes-Oxley -- an announcement overshadowed by news of the data breach.
Outsourcing business tasks to third parties is a common cause of data breaches.
Many large companies and government agencies have contracted business processing tasks to smaller companies or third-party vendors, only to bear the burdens when the companies misplace data tapes, laptops, or other equipment containing personal information.
Most recently, Affiliated Computer Services (ACS), a technology company hired by Georgia's Department of Health to process health care claims and billing for the state, lost data discs containing information on 2.9 million members of the state's Medicare and child health care programs. The disc was lost while being shipped from ACS offices in Atlanta to Maryland.