Newspapers' exposure of data points out hidden risks

06.02.2006

The Globe managed to recover about 1,000 of the routing slips after it was alerted to the problem by a store employee, said Alfred Larkin, the newspaper's senior vice president of general administration and external affairs. Most of the other slips are believed to have been discarded, he said.

After the breach was discovered, the newspapers modified their business system so it prints only the last four digits of credit and debit card numbers. In addition, the Telegram & Gazette stopped its practice of reusing internal reports as routing slips, Larkin said, adding that the Globe hadn't done that to begin with.

The breach at the newspapers came just one week after companies in Seattle and Minneapolis disclosed separate data compromises potentially affecting hundreds of thousands of people. Both resulted from the theft of IT gear from employees' cars.

Other common snafus mentioned by analysts include failing to properly destroy storage devices; leaving confidential reports in conference rooms, subways or taxis; storing corporate documents on home PCs; and donating or auctioning systems that still contain data. In one case last April, a disk drive containing confidential data from the police department in Brandenburg, Germany, was auctioned off on eBay Inc.'s Web site for the equivalent of about US$25.

It's impossible to implement controls for every eventuality. But Roberta Witty, an analyst at Gartner Inc., said companies should set up programs for classifying data and then apply mitigation controls based on the information's sensitivity and the perceived level of risk. "Just because it's not in electronic form doesn't mean you don't put controls over it," she said.