[ISN] Aetna Loses Laptop Containing Customer Data

From: InfoSec News (isn@private)
Date: Tue May 02 2006 - 23:38:57 PDT


By Martin H. Bosworth
May 1, 2006 

An employee of health insurance giant Aetna lost a laptop containing
data on 38,000 customers, the company said.

The information included names, addresses, and Social Security
numbers, but no financial information. The individuals were employees
of companies who bought group health coverage from Aetna. The
companies asked not to be identified.

Aetna spokesperson Cynthia Michener declined to verify where the theft
took place, or if any of the information had been used.

In a subsequent statement, Aetna CEO Ronald Michener claimed the
laptop had been secured with "strong password protection," and that
the employee responsible "did not follow corporate policies."

"We have offered to pay for credit monitoring services for our
affected members to help prevent any potential misuse of the
information, and we are contacting each affected individual directly
with information on how to access this service," Michener said.

The Aetna CEO also claimed that the company would be augmenting its
data security structure to ensure all their employees followed proper
procedure in the future.

Michener also said that Aetna was contacting all affected individuals,
and would be offering them free credit monitoring for an unspecified
period of time, to ensure they were protected from possible fraud or
identity theft.

The theft or loss of laptops has been the latest trend in data
breaches, with over 500,000 individuals potentially affected as a
result of laptops being stolen or misplaced in the last six months.  
Companies affected have included Hewlett-Packard, Verizon, Ameriprise,
and Ford.

The common thread in virtually all of these incidents is an employee
or employees downloading confidential data onto laptops, and either
leaving them physically vulnerable or failing to encrypt them.

Stealing laptops from vehicles in order to resell them has often led
to customers' information being exposed.

Companies typically offer free credit monitoring to employees or
consumers affected by data breaches, but many affected individuals
often fail to utilize the service. Some don't follow the procedures
necessary to sign up for it, while others are suspicious of providing
more personal information to companies that have already jeopardized
their customers' financial privacy.

Copyright  2003-2005 ConsumerAffairs.Com Inc

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Wed May 03 2006 - 00:08:45 PDT