Re: [ISN] Firm loses secrets of 180,000 clients

From: InfoSec News (isnat_private)
Date: Sun Feb 02 2003 - 22:29:27 PST

  • Next message: InfoSec News: "[ISN] Experts: Microsoft security gets an 'F'"

    Forwarded from: Mark Bernard <mbernardat_private>
    Dear Associates,
    This is a huge discovery and disclosure.
    I worked for IBM Global services and the Information Security Services
    group we conducted Security Assurance Reviews (SARs) over ISM among
    many others. You can bet that ISM and IBM will get to the bottom of
    this quickly and somebody will be charged.
    This incident comes at a critical point in time here in Canada leading
    up to January 1st 2004 when provinces that have not already developed
    their own privacy legislation will be adopting the Federal regulation
    on privacy. Currently only Federally regulated business have been
    forced to comply with the Personal Information Protection and
    Electronic Documents Act (PIPED).
    ----- Original Message -----
    From: "InfoSec News" <isnat_private>
    To: <isnat_private>
    Sent: Friday, January 31, 2003 2:40 AM
    Subject: [ISN] Firm loses secrets of 180,000 clients
    > Jan. 30, 2003
    > Co-operators Life Insurance Company has warned more than 180,000
    > customers across Canada about possible identity theft after the
    > disappearance of a computer hard drive containing personal
    > information.
    > In a letter to life insurance and pension plan clients, the top
    > official of the company's parent firm says the loss of the hard
    > drive in Regina is extremely serious and "theft of an individual's
    > identity is possible in such circumstances."
    > "Vital information such as name, address, date of birth, social
    > insurance number and mother's maiden name can be used to access
    > financial accounts, open new bank accounts, transfer bank balances,
    > apply for loans, credit cards and other financial services,"
    > Co-operators chief executive officer Kathy Bardswick said in the
    > letter this week.
    > Bardswick urged policy holders and plan members to review and verify
    > all bank accounts, credit cards and any financial transactions
    > because of the increased risk.
    > But Guelph-based Co-operators is not the only company with sensitive
    > information on the hard drive.
    > Regina-based ISM Canada, the firm responsible for storing data from
    > the Co-operators, admitted that information from other clients,
    > private companies and public agencies, was also on the hard drive.
    > ISM would not disclose which companies or agencies were affected.
    > The Saskatchewan government has confirmed the missing hard drive
    > contained many crucial files.
    > Workers' Compensation Board records, thousands of public servant
    > pension statements, bulk fuel rebate applications, SaskPower
    > billings, doctor pay lists and physician service data are on the
    > missing hard drive.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 01:25:57 PST