[ISN] Firm loses secrets of 180,000 clients

From: InfoSec News (isnat_private)
Date: Thu Jan 30 2003 - 22:40:16 PST

  • Next message: InfoSec News: "Re: [ISN] Internet Attack's Disruptions More Serious Than Many"

    Jan. 30, 2003
    Co-operators Life Insurance Company has warned more than 180,000
    customers across Canada about possible identity theft after the
    disappearance of a computer hard drive containing personal
    In a letter to life insurance and pension plan clients, the top
    official of the company's parent firm says the loss of the hard drive
    in Regina is extremely serious and "theft of an individual's identity
    is possible in such circumstances."
    "Vital information such as name, address, date of birth, social
    insurance number and mother's maiden name can be used to access
    financial accounts, open new bank accounts, transfer bank balances,
    apply for loans, credit cards and other financial services,"  
    Co-operators chief executive officer Kathy Bardswick said in the
    letter this week.
    Bardswick urged policy holders and plan members to review and verify
    all bank accounts, credit cards and any financial transactions because
    of the increased risk.
    But Guelph-based Co-operators is not the only company with sensitive
    information on the hard drive.
    Regina-based ISM Canada, the firm responsible for storing data from
    the Co-operators, admitted that information from other clients,
    private companies and public agencies, was also on the hard drive. ISM
    would not disclose which companies or agencies were affected.
    The Saskatchewan government has confirmed the missing hard drive
    contained many crucial files.
    Workers' Compensation Board records, thousands of public servant
    pension statements, bulk fuel rebate applications, SaskPower billings,
    doctor pay lists and physician service data are on the missing hard
    However, no other private sector companies have disclosed that they
    had sensitive data on it.
    Co-operators and the Regina Police Service noted they have not
    received any reports or complaints about misuse of any information on
    the hard drive yet.
    Co-operators said it is possible the missing hard drive was simply
    misplaced recently by ISM, however Regina police Sergeant Rick
    Bourassa said investigators are treating the disappearance as a theft.
    ISM is also conducting its own internal investigation.
    OPP Staff Sergeant Barry Elliott, an expert in identity fraud, said
    the disappearance of the hard drive in Regina could be the biggest
    case of such a crime in Canada.
    "This could be huge," he said in an interview last night.
    "I can't remember where the numbers of potential victims could be this
    large. We don't even know because there are a number of other
    companies and individuals who could be at risk. It's scary."
    Elliott said customers who fear exposure to identity theft shouldn't
    panic because they can't lose any money from such a crime.
    The financial institution would be liable, he said.
    However, identity theft could put a customer at credit risk and it
    will take time to clear up a person's history, Elliott noted.
    ISM, a subsidiary of IBM Canada that provides a variety of services
    including data management, disclosed last week that a personal
    computer hard drive with customer files had "gone missing" from its
    building in Regina.
    The discovery was made Jan.16 and ISM reported it to Regina police,
    according to company spokesperson Anne Mowat.
    She said ISM has notified any affected clients but would not reveal
    any other details.
    In a brief news release last week, ISM said it is taking the
    disappearance of the hard drive seriously but did not indicate that it
    contained sensitive information or the possibility of identity theft.
    Bardswick said in the Co-operators letter dated Jan. 27 that the
    missing hard drive has banking data such as account and policy numbers
    and monetary values of individual life insurance holders but not their
    names and addresses.
    The hard drive also has names, addresses, beneficiaries, monetary
    values and employers of pension plan members, she revealed.
    Furthermore, a separate file contained individual life insurance
    policy anniversary notices including name, address and policy values
    but no banking information.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 01:32:52 PST