Firm loses secrets of 180,000 clients

[InfoSec News <isn () c4i org>]

http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1035777205819&call_pageid=968332188492&col=968793972154

TONY VAN ALPHEN
BUSINESS REPORTER
Jan. 30, 2003

Co-operators Life Insurance Company has warned more than 180,000
customers across Canada about possible identity theft after the
disappearance of a computer hard drive containing personal
information.

In a letter to life insurance and pension plan clients, the top
official of the company's parent firm says the loss of the hard drive
in Regina is extremely serious and "theft of an individual's identity
is possible in such circumstances."

"Vital information such as name, address, date of birth, social
insurance number and mother's maiden name can be used to access
financial accounts, open new bank accounts, transfer bank balances,
apply for loans, credit cards and other financial services,"  
Co-operators chief executive officer Kathy Bardswick said in the
letter this week.

Bardswick urged policy holders and plan members to review and verify
all bank accounts, credit cards and any financial transactions because
of the increased risk.

But Guelph-based Co-operators is not the only company with sensitive
information on the hard drive.

Regina-based ISM Canada, the firm responsible for storing data from
the Co-operators, admitted that information from other clients,
private companies and public agencies, was also on the hard drive. ISM
would not disclose which companies or agencies were affected.

The Saskatchewan government has confirmed the missing hard drive
contained many crucial files.

Workers' Compensation Board records, thousands of public servant
pension statements, bulk fuel rebate applications, SaskPower billings,
doctor pay lists and physician service data are on the missing hard
drive.

However, no other private sector companies have disclosed that they
had sensitive data on it.

Co-operators and the Regina Police Service noted they have not
received any reports or complaints about misuse of any information on
the hard drive yet.

Co-operators said it is possible the missing hard drive was simply
misplaced recently by ISM, however Regina police Sergeant Rick
Bourassa said investigators are treating the disappearance as a theft.

ISM is also conducting its own internal investigation.

OPP Staff Sergeant Barry Elliott, an expert in identity fraud, said
the disappearance of the hard drive in Regina could be the biggest
case of such a crime in Canada.

"This could be huge," he said in an interview last night.

"I can't remember where the numbers of potential victims could be this
large. We don't even know because there are a number of other
companies and individuals who could be at risk. It's scary."

Elliott said customers who fear exposure to identity theft shouldn't
panic because they can't lose any money from such a crime.

The financial institution would be liable, he said.

However, identity theft could put a customer at credit risk and it
will take time to clear up a person's history, Elliott noted.

ISM, a subsidiary of IBM Canada that provides a variety of services
including data management, disclosed last week that a personal
computer hard drive with customer files had "gone missing" from its
building in Regina.

The discovery was made Jan.16 and ISM reported it to Regina police,
according to company spokesperson Anne Mowat.

She said ISM has notified any affected clients but would not reveal
any other details.

In a brief news release last week, ISM said it is taking the
disappearance of the hard drive seriously but did not indicate that it
contained sensitive information or the possibility of identity theft.

Bardswick said in the Co-operators letter dated Jan. 27 that the
missing hard drive has banking data such as account and policy numbers
and monetary values of individual life insurance holders but not their
names and addresses.

The hard drive also has names, addresses, beneficiaries, monetary
values and employers of pension plan members, she revealed.

Furthermore, a separate file contained individual life insurance
policy anniversary notices including name, address and policy values
but no banking information.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.