Re: Firm loses secrets of 180,000 clients

[InfoSec News <isn () c4i org>]

Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Dear Associates,

This is a huge discovery and disclosure.

I worked for IBM Global services and the Information Security Services
group we conducted Security Assurance Reviews (SARs) over ISM among
many others. You can bet that ISM and IBM will get to the bottom of
this quickly and somebody will be charged.

This incident comes at a critical point in time here in Canada leading
up to January 1st 2004 when provinces that have not already developed
their own privacy legislation will be adopting the Federal regulation
on privacy. Currently only Federally regulated business have been
forced to comply with the Personal Information Protection and
Electronic Documents Act (PIPED).

Regards,
Mark.

----- Original Message -----
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Friday, January 31, 2003 2:40 AM
Subject: [ISN] Firm loses secrets of 180,000 clients


>
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Artic
le_Type1&c=Article&cid=1035777205819&call_pageid=968332188492&col=9687939721
54
> TONY VAN ALPHEN
> BUSINESS REPORTER
> Jan. 30, 2003
>
> Co-operators Life Insurance Company has warned more than 180,000
> customers across Canada about possible identity theft after the
> disappearance of a computer hard drive containing personal
> information.
>
> In a letter to life insurance and pension plan clients, the top
> official of the company's parent firm says the loss of the hard
> drive in Regina is extremely serious and "theft of an individual's
> identity is possible in such circumstances."
>
> "Vital information such as name, address, date of birth, social
> insurance number and mother's maiden name can be used to access
> financial accounts, open new bank accounts, transfer bank balances,
> apply for loans, credit cards and other financial services,"
> Co-operators chief executive officer Kathy Bardswick said in the
> letter this week.
>
> Bardswick urged policy holders and plan members to review and verify
> all bank accounts, credit cards and any financial transactions
> because of the increased risk.
>
> But Guelph-based Co-operators is not the only company with sensitive
> information on the hard drive.
>
> Regina-based ISM Canada, the firm responsible for storing data from
> the Co-operators, admitted that information from other clients,
> private companies and public agencies, was also on the hard drive.
> ISM would not disclose which companies or agencies were affected.
>
> The Saskatchewan government has confirmed the missing hard drive
> contained many crucial files.
>
> Workers' Compensation Board records, thousands of public servant
> pension statements, bulk fuel rebate applications, SaskPower
> billings, doctor pay lists and physician service data are on the
> missing hard drive.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.