RE: Ameriprise Loses Data on 230,000 Customers and Advisers

[Blanchard_Michael () emc com]

I really think so Mary :-)  It's easier and makes better PR to say the "laptop" was stolen instead of saying "we had an 
internal date compromise where these hackers/internal workers accessed customer data to sell on the black market" 


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I 
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Mary Landesman
Sent: Thursday, January 26, 2006 1:31 AM
To: funsec () linuxbox org
Subject: Re: [funsec] Ameriprise Loses Data on 230,000 Customers and Advisers

Do you ever wonder about these 'stolen laptops' that allegedly contained
tens or hundreds of thousands of sensitive records, myseriously stolen from
an automobile. Or fell off the back of a truck? Or disappeared in transit?
There sure seems to be an awful lot of them...

I wonder if 'stolen laptop' isn't the codename for 'internal security
breach'.

-- Mary


----- Original Message ----- 
From: "Fergie" <fergdawg () netzero net>
To: <funsec () linuxbox org>
Sent: Wednesday, January 25, 2006 8:51 PM
Subject: [funsec] Ameriprise Loses Data on 230,000 Customers and Advisers


Via The NYT.

[snip]

Ameriprise Financial, the investment advisory unit spun off from American
Express last year, said today that lists with the personal information of
about 230,000 customers and financial advisers were potentially exposed to
fraud.

The breach occurred in late December after a company laptop was stolen from
an employee's car. It contained lists of reassigned customer accounts that
were being stored unencrypted on a computer in violation of Ameriprise's
rules.

The information on the laptop included the names and Social Security numbers
of more than 70,000 current and former financial advisers and the names and
internal account numbers of about 158,000 customers. The data was being
stored in separate lists, but it is possible that there could be some
overlap between the two.

[snip]

More here:
http://www.nytimes.com/2006/01/25/business/25cnd-data.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.