White Papers for Gramm Leach Bliley Act (GLBA)

The Insecurity of Test Data: The Unseen Crisis

Compuware

When a large Midwestern US insurance company hired an outside expert from a respected technology consulting firm to develop business application software, it didn’t think that it was turning test data over to an identity thief. In the course of completing a software project, the technology consultant attempted to sell over 111,000 individuals’ social security numbers and related information to an undercover United States Secret Service agent. Following his arrest in June 2006, the consultant admitted that he sold the information for approximately 70 of the insurance company's customers to another individual. He was
ordered to pay restitution in the amount of $519,859 to the insurance company as reimbursement for the expenses that it incurred to notify the individuals whose information was stolen and to provide credit monitoring services to individuals who requested those services.
Organizations may think their test data is immune from privacy threats because testing occurs in a nonproduction environment. However, test environments are less secure because data is exposed to a variety of unauthorized sources, including in-house testing staff, consultants, partners, and offshore development personnel. According to industry analysts, most data breaches involving test data is caused by negligence or malicious intent. Further, breaches are costly. According to Ponemon Institute’s annual study on the business costs of data loss or theft, data breach incidents now cost companies $197 per compromised
record.

View the White Paper

Share or bookmarklet this web page at: