Sensitive mortgage data discovered on P2P network
Date Reported:
9/21/07
Organization:
ABN Amro Mortgage Group
Contractor/Consultant:
None
Victims:
ABN Amro Mortgage Group customers
Number Affected:
5,280
Types of Data:
Name, address, Social Security number, and other personal details
Breach Description:
Three spreadsheets containing confidential customer information on more than 5,000 ABN Amro customers were discovered on a popular P2P (BearShare) network. The breach has been traced to a former employee's home computer.
Reference URL:
Channel Insider
Report Credit:
Associated Press
Response:
From the online resources referenced above:
"Three spreadsheets containing more than 5,000 Social Security numbers and other personal details about customers of ABN Amro Mortgage Group were inadvertently leaked over an online file-sharing network by a former employee."
"Tiversa Chief Executive Robert Boback said file-sharing programs are commonly misconfigured to share documents their owners never intended to make public."
"Boback said Tiversa had yet to perform a full analysis to see how far the data had spread worldwide, but found evidence the files already had moved beyond the former employee's computer."
"'There is no question in my mind that ... identity thieves have these files, and if they haven't already, they will be acting on them very soon,' Boback said"
"Tiversa was investigating the breach on behalf of a reporter for Dow Jones Newswires, which reported on the leakage earlier."
"The file in question leaked through the former employee's home computer"
"Michael Hanretta, a spokesman for ABN parent company Citigroup Inc., said the company was investigating."
"Citi's information-security standards require that confidential information be stored on Citi-managed devices," he said in a statement. "Protecting customer information remains a priority at Citi and we remain fully committed to physical, electronic and procedural safeguards to protect personal information."
Commentary:
This is troubling. There are a minimum of three issues here, as I see it. #1, These files were on a non-company owned and/or managed system. #2, These files were in the possession of an unauthorized person, i.e. former employee. #3, The confidential information is stored in spreadsheets that are not encrypted. Although this is a home computer, this breach demonstrates one inherent danger of P2P. Just ask Pfizer.
All companies dealing with sensitive information MUST create and implement policies to protect against the four points mentioned above. Everything starts with policy.
Past Breaches:
August, 2007 - Laptop computer stolen from Matrix Capital Bank