The value of physical data backup methods is that they are frequently considered more secure than their virtual or web-connected counterparts. However, that logic may be giving organizations a false sense of security and raising the risk of information loss.

One financial institution recently learned this lesson the hard way. According to the Massachusetts Attorney General's office, TD Bank lost backup tapes used to store records for more than 73,000 customers. However, the concerning part of the incident isn't it's scope, but rather the fact that none of the information was encrypted.

"TD Bank says it is unaware of any misuse of personal information at this time, but it cannot rule out that possibility," the Attorney General's office said in a release. "The personal information of Massachusetts residents which was included on the tapes may have included name, address, Social Security number, account number, or other data elements such as date of birth or driver’s license number."

Attorney General Martha Coakley noted that her office will thoroughly investigate the circumstances that led to the breach. The bank will have to notify all affected customers, and can expect to answer some tough questions regarding its inconsistent enforcement of data security best practices. Robert Richardson, an independent security analyst, suggested to the Morning Sentinel that the incident could have been avoided using data encryption software, as is standard practice when shipping backup tapes.

As the Sentinel noted, the cost of the breach extends beyond that of compliance fines. Several customers have come forward, stating they planned to close their accounts. While it may seem obvious to some, the incident serves as a reminder that it is important to use data protection software to encrypt all sensitive data - backups included.