[ISN] Hartford Financial misplaces back-up tapes with personal data on policy holders

From: InfoSec News (alerts@private)
Date: Tue Oct 30 2007 - 21:24:21 PST


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9044801

By Jaikumar Vijayan
October 30, 2007
Computerworld

The Hartford Financial Services Group Inc. has notified about 237,000 
policy holders of a potential compromise of their personal data.

The warning followed the loss of three backup tapes containing the 
names, addresses, Social Security numbers and driver's license numbers 
of customers of the company's personnel lines claims center. The tapes 
were discovered to be missing on Sept. 27.

So far, there is no evidence that the tapes were stolen or that the 
information has been misused, a company spokeswoman said. Hartford 
Financial Services has no idea if the tapes were misplaced while in 
transit to another location or if they went missing inside the company. 
But the information contained on them could only be read with "the use 
of sophisticated and expensive equipment," she added.

As a precaution, the company is offering a year's worth of free credit 
protection services from Equifax, the statement said, The services 
include credit monitoring, unlimited credit reports and $20,000 in 
identity theft protection. Individuals who elect to implement credit 
freezes on their credit lines will also be eligible for a reimbursement 
of the costs associated with that freeze, the company said in a 
statement.

The Hartford breach is similar to scores of others in recent years 
involving the loss or theft of computers and media containing sensitive 
personal data. Security analysts have recommended that companies use 
encryption to mitigate potential data loss in such situations. Many 
companies that have been reluctant to do so because of cost concerns end 
up paying significantly more in notification and other costs when a 
breach occurs, analysts have previously noted.


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Tue Oct 30 2007 - 21:32:47 PST