Isn’t it always a bit surprising when the (new) latest significant data breach happens at a tech company?

That’s been the case twice in the past week, first when IBM suffered a data breach when a number of data tapes fell from the back of a third-party vendor’s truck.

Later last week, that mantle was passed to Alcitel-Lucent, which lost a disk containing the PII of an unknown number of employees and retirees that was also in the possession of a partner at the time of the incident. Some reports have put the Alcitel-Lucent victim total as high as 200,000.

Jaime Chanaga of The CSO Board LLC was one of the first security bloggers to comment on the incident today. Here’s what he had to say:

“In this case, Alcatel-Lucent made an error in judgment in failing to implement basic information security technologies, such as data encryption, to protect the personal information on employees stored on any computer media leaving their facilities. This incident illustrates the fact that even technology savvy organizations can fail to protect sensitive information by ignoring the proper use of information security controls such as data encryption.”

Data breaches come in all shapes and sizes. And some don’t have a size.

Just today in fact, SC Magazine’s Dan Kaplan wrote this story about IBM – itself a pioneer in data storage and encryption – losing tapes that were in the possession of a third-party vendor.

Last week Texas’ House of Representatives passed a bill that would make PCI compliance the law of the Lone Star State, allowing financial institutions to take action against a company that is not compliant with the standard.

Tim Erlin at nCircle’s 360 Security blog has a brief analysis.