[ISN] Data on 3,000 Consumers Stolen With Computer

From: InfoSec News (isn@private)
Date: Tue Nov 08 2005 - 22:04:56 PST


http://www.washingtonpost.com/wp-dyn/content/article/2005/11/08/AR2005110801573.html

By Jonathan Krim
Washington Post Staff Writer
November 9, 2005

Social Security numbers and other information about more than 3,000
consumers were stolen recently from TransUnion LLC, one of three U.S.  
companies that maintain credit histories on individuals, in the latest
of many security breaches that have focused congressional attention on
identity theft and fraud.

The data were housed in a desktop computer that was stolen last month
from a regional sales office in California, TransUnion said. On Oct.  
21, the company sent 3,623 notices to consumers alerting them to the
breach and offering free monitoring of their credit reports for a
year.

Colleen Tunney, vice president of corporate affairs for Chicago-based
TransUnion, said the computer was probably the object of the burglary,
not the data. She said the information on the computer required a
password to access.

Tunney said the company is investigating why such information would be
stored on an individual computer in a regional office rather than on a
secure corporate network.

TransUnion and the industry's other major companies, Experian North
America Inc. and Equifax Credit Information Services Inc., are best
known as the keepers of credit reports relied upon by businesses when
consumers apply for loans, jobs, rental housing and other services.

But the agencies also are large data brokers, competing in some areas
with ChoicePoint Inc., LexisNexis and other large information-sellers
that have reported data breaches involving hundreds of thousands of
consumers.

Congress is considering bills that would set national rules for
notifying consumers whose data might have been compromised.

The data industry supports a standard that would require notification
only if a company decides there is a substantial risk that a breach
would result in fraud or identity theft.

Consumer advocates and state attorneys general support a stiffer
requirement of notification in almost all cases.

Tunney said notification in this case was "the right thing to do." She
declined to say if the notification would have been required if
Congress passes legislation favored by industry.

The breach was reported this week by the Privacy Times newsletter.

© 2005 The Washington Post Company



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Tue Nov 08 2005 - 22:17:58 PST