The data exposure by the two newspapers hammered home yet again the need for businesses to implement comprehensive policies for securing their information assets and then apply the appropriate controls to mitigate the risk of accidental compromises, according to security analysts. Ways to Lose Data

"Given the infinite number of ways business processes are implemented in firms, there are potentially an infinite number of ways in which data can be lost," said Arshad Noor, CEO of StrongAuth Inc., a compliance management services firm in Sunnyvale, Calif.

As a result, IT and security managers need to start thinking beyond network and system defenses, Noor said. "We have to go back to the core of our systems where the data sits and start securing it outward from there," he said.

The Globe and the Telegram & Gazette, a sister publication in Worcester, Mass., announced that discarded internal reports containing the full credit card numbers of as many as 240,000 subscribers were reused to produce more than 9,000 routing slips for bundles of the Jan. 29 Worcester Sunday Telegram. The bank-routing information of about 1,100 Telegram & Gazette subscribers who pay by check may also have been exposed when the newspaper bundles were sent to retailers and carriers.

The two newspapers are owned by The New York Times Co. and use a shared computer system. According to officials at the Globe, customer data was mistakenly printed out twice in recent weeks by business office workers at the Telegram & Gazette. The reports were then put aside so that the clean side of the paper could be used for other purposes, leading to the security gaffe.