Data Breach at GIA
By Bryan Boyne (g.g.) , Thursday, October 29, 2015
On October 23, The Gemological Institute of America announced that it had discovered a data breach which allowed 1,042 grading reports to be altered.
In their announcement GIA explained that “Based on discrepancies in grading information identified by internal controls, GIA initiated an investigation in conjunction with Tata Consultancy Services (TCS), our contractor that supports GIA databases. The investigation revealed that an outside party altered grading information for 1,042 diamonds examined by GIA. The investigation indicates that one or more former employees of TCS made these unauthorized changes. The individuals, acting at the behest of other parties unrelated to GIA or TCS, gained unauthorized remote access to alter grades before reports were printed and sent to clients.”
In an October 26 update, GIA announced that two former employees of Tata Consutancy Services (TCS) are in custody related to the incident. GIA and TCS are working proactively with authorities in India who are conducting an ongoing investigation. Most of the diamonds involved were submitted to the GIA in India between November 2014 and September 2015.
The report numbers are posted to the GIA website for the public to check against, and some accounts associated with stones in question have been suspended. Their statement includes this appeal to anyone owning one of the listed diamonds: “GIA strongly requests that anyone in possession of any of these diamonds and grading reports return them immediately to GIA for examination at no charge.”
To reassure the public GIA stated “We have further strengthened our systems, controls and procedures for access to our grading information database.”
Whiteflash, as a member of the American Gem Society, is fully dedicated to consumer education and protection. And as a company certified for ISO 9000 quality control Whiteflash has completed a thorough check of our records and have determined that no diamonds currently in stock or sold during the timeframe of this incident were on the GIA list.
The American Gem Society Laboratories, a separate organization and laboratory which was in no way affected by the breach, grades many of the precision cut diamonds in the market having a specialty in light performance cut grading. When reached for comment on the GIA breach, AGSL Lab Director Jason Quick responded, “AGS and AGS Laboratories take security of all types very seriously. As a non-profit organization focused on consumer protection, it is essential for us to be vigilant on topics like data security.”
With laboratories all over the world GIA clearly faces a big challenge in data security. It seems logical that AGSL would enjoy a significant advantage in this regard as they are a much more compact organization.
For more specific questions ask our experts