Insurer reports data theft on 930,000

American International Group says burglar stole computer equipment with Social Security numbers, medical records.
The New York Times

The story "Insurer reports data theft on 930,000" published June 15, 2006 at 6:13 AM is no longer available on CNET News.

Content from The New York Times expires after 7 days.

[DaClyde]

WHY?

Why was this information being stored on a laptop in the first place? Isn't that what the whole "server" thing is for? The person who lost the laptop should be fired along with the people who set up the system which seems to mandate that confdential data be stored in the least secure location possible. And share holders should start dumping AIG stock since the company has proven how uninterested it is in securing it's customer's data.

[skeptik]

re-read

It was on the server, not the laptop. What kind of idiots do you think these guys are, the Veteran's Administration? LOL

[marileev]

Laptop Epidemic

Jason P. states the obvious asked why store this information on a laptop? We've seen this happen to numerous government and private bodies http://www.iwantmyess.com/?p=58 It's an epidemic!

Agents and other mobile employees who collect, modify and access personal data need to transfer that information immediately to proprietary servers or employ security encryption to protect that data. The technology for Remote Laptop security is out there http://www.essentialsecurity.com/FAQ.htm#3.8.9 it's up to organizations to use the tools and provide adequate Risk training.

The cure is out there, are you ready to take it?

[treet007]

3 Months to Notify the Potential Victims?

I'm sorry, but AIG took way too long to inform their 900k+ customers who may have been a victim of this burgularly. The excuse that they did not want to notify the burgular about the valuable data does not fly 3 months after the incident occurred. I believe 30 days should be the maximum time AND AIG should pay for credit file monitoring for every one of their affected customers.

As one noted in the past, "You are guilty until proven innocent" in identity theft incidents. Basically, Corporate Amercia could careless about their customer's data (and the customers) unless the incident looks bad to their bottom line.

--GIF

[Griff in Fairbanks]

Careless about personal data?

It's nice to see corporate America treating its customer with the
same reckless disdain given too America's veterans and military
personnel. I know three veterans and two active duty personnel
who still have not received any official notification and who have
to rely on (incomplete) news reports for information.

I understand AIG's customers' concerns but it was only nine
tenths of a million ... not the 26 to 27 (or more) million people
affected by the U.S. government's continuing disregard for its
veterans and military personnel.

[Dave_Brown]

Encryption.

Why would they only use a password to protect the data? Encryption should have definitely been used. A good or even somewhat knowledgeable hacker could easily crack simple password protection. Nice security guys!

Dave

[Nkully86]

Correct...Laptop + Password = big trouble

I completely agree, what can passwords do these days, especially on a laptop? If someone steals a laptop they have all the time in the world to crack the password. If the data is encrypted, no matter what kind of machine it might be, it is going to be monumentally more difficult to crack.

The 90's are over everyone and its time to guard our data with heavy artillary instead of a blunt wooden stick. http://www.essentialsecurity.com/Documents/article17.htm

[Nkully86]

Correct...Laptop + Password = big trouble

I completely agree, what can passwords do these days, especially on a laptop? If someone steals a laptop they have all the time in the world to crack the password. If the data is encrypted, no matter what kind of machine it might be, it is going to be monumentally more difficult to crack.

The 90's are over everyone and its time to guard our data with heavy artillary instead of a blunt wooden stick. http://www.essentialsecurity.com/Documents/article17.htm

I gotta tell you, this is just another addition to my list of massive thefts which is now approaching close to 60 million people in the past few months. That's almost 1/6 of this whole country, WOW, I can't wait for my turn to lie awake at night scared that my social security number and bank account numbers are free for anyones to view.

[Nkully86]

Correct...Laptop + Password spells "Steal Me"

I completely concur with your statement, password protected data on a laptop is as good as stolen. Laptops are so frequently stolen these days that a simple password can't do anything. Which brings me to my next question - why do huge companies continue to even store valuable customer data on laptops?

We need to step up to the plate and guard our data with heavy artillary (encryption) instead of throwing sticks and stones (passwords) at the enemy. http://www.essentialsecurity.com/Documents/article17.htm

This incident is just another huge theft to throw onto the spreadsheet of massive breaches in the past few months. Just in the past few months the total number of people victom to this is over 50 million...wow. I really can't wait until I can lay in bed at night knowing that my insurance company "lent" out my credit card and social security nubmers.