http://www.nytimes.com/2006/01/26/business/26data.html
By ERIC DASH
January 26, 2006
Ameriprise Financial, the investment advisory unit spun off from
American Express last year, said yesterday that lists containing the
personal information of about 230,000 customers and advisers had been
compromised.
A security breach occurred in late December, Ameriprise said, after a
company laptop was stolen from an employee's parked car. The laptop
contained a list of reassigned customer accounts that was being stored
unencrypted, a violation of Ameriprise's rules.
The information on the laptop included the names and Social Security
numbers of about 70,000 current and former financial advisers and the
names and internal account numbers of about 158,000 customers, about 6
percent of its 2.8 million clients.
An Ameriprise spokesman, Andrew MacMillan, said it was unlikely that
the thief knew that the information was on the laptop and the risk of
"any data being used or discovered is very low."
Mr. MacMillan said that the laptop was protected by a password but
that the data was being stored unencrypted in violation of company
rules. The employee involved has been fired.
"This information should not have been removed from the corporate
office without the security measures in place," he said. "This
individual violated a few written company policies."
The company said it had started notifying the customers and the
advisers on Saturday.
Ameriprise, which reports its earnings today, is the latest company to
acknowledge a security breach in a wave of incidents that have rocked
the financial services industry. Some have occurred when cyberthieves
broke into unprotected computer networks, like one at CardSystems
Solutions, a tiny credit card processing company that left the
personal account information of 40 million consumers exposed to fraud.
Others, like those at Bank of America and Citigroup, have occurred
when data tapes were lost.
_________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
