CNET News reports,
The American International Group, one of the world’s largest insurers, said Wednesday that a burglar stole computer equipment in March from one of its Midwest offices that contained personal information on 930,000 people.
The personal data was on 930,000 individuals. This information was provided to AIG by employers who were seeking quotes on behalf of their employees on corporate health insurance through the company. The data apparently came from close to 700 different insurance brokers.
Of course, AIG plans to send letters to those potentially affected by the data security breach soon. But this information has been in the hands of criminals since March 31st of this year … nearly three months before letters to the victims will be sent out.
Their assumption is that since “the burglar also took a laptop computer, a camera and other computer equipment,” Winans said, adding that the insurance company thought the burglar’s objective was to take the equipment and may not have known about the personal data.
Of course Winan and others AIG’s employee data was not on the list of “stolen names and Social Security numbers–sometimes together, sometimes separately–and, in some cases, fragments of medical information,” or maybe they might have thought twice about whether to let the victims know sooner.
There are other signs of the times as well. Ohio University Alumni donors writing to find out why the University would be holding that information. Some informing them that they will no longer be making donations.
In addition bad news on the congressional front regarding corporate interests and data breaches. Corporate interests are lobbying with big guns to gain federally mandated overrides to the current state laws that require disclosure to victims. They apparently feel that they should make the decision whether to tell you if YOUR data is compromised.
All this while More than three out of every four of the worldâ€™s largest financial institutions experienced an external security breach in the past year, a dramatic increase over 2005, a new survey has revealed.:
The fourth annual poll, released today by Deloitte Touche Tohmatsu, found that 78 percent of the worldâ€™s top 100 financial services organizations that responded to the survey confirmed a security breach from outside the organization, up from just 26 percent in 2005. The survey also learned that nearly half of the organizations experienced at least one internal breach, up from 35 percent in 2005.
Phishing and pharming were responsible for 51 percent of the external attacks, while spyware and malware accounted for 48 percent. Meanwhile, insider fraud was responsible for 28 percent of the internal breaches and customer data leaks were to blame for 18 percent.