funsec mailing list archives

Re: Ameriprise Loses Data on 230,000 Customers and Advisers

From: "Mary Landesman" <mlande () bellsouth net>
Date: Fri, 27 Jan 2006 10:44:57 -0500

It was a list of reassigned customer accounts. And if you are correct and
this is based on 'user error', that in itself becomes an internal security
breach. Basically you are saying that these large financial institutions are
doing next to nothing to prevent sensitive data from ending up not only on
laptops, but on home users' spyware laden PCs as well.

-- Mary

----- Original Message ----- 
From: "Todd Towles" <toddtowles () brookshires com>
To: <Blanchard_Michael () emc com>; <mlande () bellsouth net>;
<funsec () linuxbox org>
Sent: Friday, January 27, 2006 9:42 AM
Subject: RE: [funsec] Ameriprise Loses Data on 230,000 Customers and
Advisers


Michael wrote:

Really, a friggin laptop containing your entire
customer information database.... Never.  No company larger
than 1 person would do that....it's just crazy....

 For that reason alone, those stories have got to be
stretches of the truth...


You don't really believe that Ameriprise only has 230,000 customers?
Users do all types of stupid stuff, they copy whole DB to their laptop
to finish up some accounting work at the house, or they copy data on a
USB/disk and take it home to work on stuff...I would guess it happens
more than most people ever know about.

The article makes it sound like the following. The action was against
security policy, given. But why? Because it was on the laptop at all? Or
just because it wasn't encrypted? Sounds to me that the company would
been fine with the issue, if it were encrypted...but that is just how I
am reading it.

Therefore what is their policy?

I have seen this type of things happen in pretty big companies. Users
just aren't trained on the security issues and therefore don't see it
the same way we do. Comes back to user education. (but doesn't it always
lol)

-Todd

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: Ameriprise Loses Data on 230,000 Customers and Advisers, (continued)
- Re: Ameriprise Loses Data on 230,000 Customers and Advisers Mary Landesman (Jan 26)
  - Re: Ameriprise Loses Data on 230,000 Customers and Advisers Gadi Evron (Jan 26)
    - Re: Ameriprise Loses Data on 230,000 Customers and Advisers Mary Landesman (Jan 26)
    - Re: Ameriprise Loses Data on 230,000 Customers and Advisers Richard Cox (Jan 26)
- RE: Ameriprise Loses Data on 230,000 Customers and Advisers Blanchard_Michael (Jan 26)
- RE: Ameriprise Loses Data on 230,000 Customers and Advisers Blanchard_Michael (Jan 27)
  - Re: Ameriprise Loses Data on 230, 000 Customers and Advisers Valdis . Kletnieks (Jan 27)
    - Re: Ameriprise Loses Data on 230, 000 Customers and Advisers der Mouse (Jan 29)
    - Re: Ameriprise Loses Data on 230, 000 Customers and Advisers Drsolly (Jan 30)
    - Re: Ameriprise Loses Data on 230, 000 Customers and Advisers der Mouse (Jan 30)
- Re: Ameriprise Loses Data on 230,000 Customers and Advisers Mary Landesman (Jan 27)
- Re: Ameriprise Loses Data on 230,000 Customers and Advisers Fergie (Jan 28)