http://www.computerworld.com/securitytopics/security/story/0,10801,107239,00.html By Lucas Mearian DECEMBER 20, 2005 COMPUTERWORLD ABN Amro Mortgage Group Inc. has decided it will no longer send data tapes to its credit reporting bureaus after one of those tapes -- with the private information of more than 2 million customers on it -- went missing a month ago (see "Update: Missing ABN Amro tape with 2 million names found" [1]). Instead, according to ABN Amro Mortgage Group CEO Thomas Goldstein, the company will encrypt data and send it over secure networks when possible. Otherwise, it will use special couriers in an effort to avoid another tape loss. Those changes were announced on the same day the company said it had located the missing tape containing sensitive data about residential mortgage customers, which was lost Nov. 18 while being transported by a delivery service to a credit reporting company. The tape was found yesterday, three days after the company began notifying customers that it had been lost. On Friday, ABN Amro told customers that the tape was lost while being transported by DHL Worldwide Express delivery service from a data center run by a subsidiary of LaSalle Bank Corp. in Chicago to an Experian Information Solutions Inc. credit bureau facility in Allen, Texas. The tape contained the names, account information, payment histories and social security numbers for residential mortgage customers, according to the letter ABN Amro sent customers last week. Goldstein said during today.s press conference that the search for the tape by ABN Amro, DHL and Experian was "exhaustive," and ended last week, at which time they decided to notify customers. Goldstein said the tape was then found yesterday. He also said there is still no evidence that the data was misused while it was missing, but he said there.s no way to prove the tape wasn't read or copied while it was missing. Goldstein said that the package containing the missing tape was found in its original sealed container by a DHL employee without the original air bill and that DHL then readdressed the package back to ABN Amro. Despite the tape's recovery, the problems for ABN Amro didn't end today. A gift code given to customers whose information was temporarily lost to allow them to sign up for a free credit monitoring service overwhelmed a Web site run by credit reporting agency Trans Union LLC. ABN Amro said initially that it would enroll those customers in the credit monitoring service for 90 days at no cost. That time frame was extended to year today. Tens of thousands have already registered with Trans Union today, but "2.1 million letters going out has overwhelmed the [Trans Union] Web site," Goldstein said. "I feel terrible about the frustration our customers are having on top of just getting this notification. TU and we are working together to fix this". He said Trans Union is adding a "gateway" device to limit access to the service and notify customers when they can sign up. As for the plans to transfer data electronically rather than by courier, Goldstein said ABN Amro has completed about 70% of a rollout of a secure data network to move data to its credit-reporting bureaus. "The goal starting last spring was to eliminate all physical handling of tapes -- and any tape where we cannot eliminate the physical handling because the other party cannot receive [the electronic data] will go by special courier," Goldstein said. He cited FedEx Corp. as one company ABN Amro might use. "The tape in question was to be transferred fully electronically and encrypted this month. One of the really upsetting things about this is one more month, and this couldn't have happened," Goldstein said. ABN Amro plans to continue to use DHL to ship other packages. [1] http://www.computerworld.com/databasetopics/data/story/0,10801,107230,00.html _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Tue Dec 20 2005 - 22:58:39 PST