follow-up: Aviva USA says 'malware' at fault in data breach

[security curmudgeon <jericho () attrition org>]

http://www.businessinsurance.com/article/20090603/NEWS/906039984

Aviva USA says 'malware' at fault in data breach
Posted On: Jun. 03, 2009 3:11 PM CST
Jeff Casale

CONCORD, N.H.Aviva USA, the life insurance and annuity arm of Aviva 
P.L.C., said it has discovered a data breach that leaked the Social 
Security numbers, names and possibly addresses of 550 of its customers.

Aviva said it notified the New Hampshire attorney general s office of the 
breach on May 29, which it said occurred between Dec. 30 last year and 
Feb. 24 this year. New Hampshire is one of several states that require 
companies to report data breaches.

The breach was due to malicious software, more commonly referred to as 
malware, that was installed on the Des Moines, Iowa-based insurers 
computer system as online research was being conducted.

According to the letter, Aviva has removed the affected hardware from 
service and issued new passwords to its employees whose login information 
may have been compromised.

Customers whose identity was potentially compromised by the breach will be 
offered free identity theft protection service for a year and identity 
theft insurance coverage up of $25,000, Aviva wrote in its letter.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php