35,000 T. Rowe price plan participants alerted
Posted by Evan Francen at 1/29/2008 12:44 PM and is filed under Stolen Computer,CBIZ Benefits and Insurance,T. Rowe Price 
Technorati Tag: Security Breach
Date Reported:
1/28/07
Organization:
T. Rowe Price
Contractor/Consultant/Branch:
T. Rowe Price Retirement Plan Services
CBIZ Benefits and Insurance Services Inc.
Victims:
Participants in various T. Rowe Price retirement plans
Number Affected:
35,000
Types of Data:
Names and Social Security numbers
Breach Description:
Computers were stolen from the office of CBIZ Benefits and Insurance that contained sensitive personal information belonging to participants in “several hundred” T. Rowe Price retirement plans. CBIZ is a vendor for T. Rowe Price that was helping the company to prepare IRS Form 5500's.
Reference URL:
Investment News online story
Report Credit:
Investment News
Response:
From the online source cited above:
T. Rowe Price Retirement Plan Services alerted 35,000 current and former participants in “several hundred” plans that their names and Social Security numbers were contained in files on computers that were stolen, said Brian Lewbart, spokesman.
taken from the office of CBIZ Benefits and Insurance Services Inc., which prepares the 5500s for T. Rowe Price
The data were kept on the computers to help complete filing of Form 5500
[Evan] I have a feeling that the information was only meant to be kept on the computers temporarily until the Form 5500's were complete. This breach demonstrates the importance in protecting confidential information no matter where it resides, no matter how long. Confidential information must remain protected in-transit and at-rest, even if temporary. Obviously, encryption could have been an effective defensive layer.
Other personal information, such as addresses, and birth dates, was not on the computers.
[Evan] This information can be obtained publicly anyway, so no help here.
The company offered those affected a free one-year subscription to an online credit monitoring service and up to $25,000 of identity theft insurance, as well as tips on protection from identity theft.
Commentary:
Not much is known about this breach yet. I am sure that there is more to come.
This is yet another case of a lost or stolen computer containing sensitive personal information without encryption (assuming there is no encryption).
Past Breaches:
Unknown
Date Reported: 1/28/07
Organization:
T. Rowe Price
Contractor/Consultant/Branch:
T. Rowe Price Retirement Plan Services
CBIZ Benefits and Insurance Services Inc.
Victims:
Participants in various T. Rowe Price retirement plans
Number Affected:
35,000
Types of Data:
Names and Social Security numbers
Breach Description:
Computers were stolen from the office of CBIZ Benefits and Insurance that contained sensitive personal information belonging to participants in “several hundred” T. Rowe Price retirement plans. CBIZ is a vendor for T. Rowe Price that was helping the company to prepare IRS Form 5500's.
Reference URL:
Investment News online story
Report Credit:
Investment News
Response:
From the online source cited above:
T. Rowe Price Retirement Plan Services alerted 35,000 current and former participants in “several hundred” plans that their names and Social Security numbers were contained in files on computers that were stolen, said Brian Lewbart, spokesman.
taken from the office of CBIZ Benefits and Insurance Services Inc., which prepares the 5500s for T. Rowe Price
The data were kept on the computers to help complete filing of Form 5500
[Evan] I have a feeling that the information was only meant to be kept on the computers temporarily until the Form 5500's were complete. This breach demonstrates the importance in protecting confidential information no matter where it resides, no matter how long. Confidential information must remain protected in-transit and at-rest, even if temporary. Obviously, encryption could have been an effective defensive layer.
Other personal information, such as addresses, and birth dates, was not on the computers.
[Evan] This information can be obtained publicly anyway, so no help here.
The company offered those affected a free one-year subscription to an online credit monitoring service and up to $25,000 of identity theft insurance, as well as tips on protection from identity theft.
Commentary:
Not much is known about this breach yet. I am sure that there is more to come.
This is yet another case of a lost or stolen computer containing sensitive personal information without encryption (assuming there is no encryption).
Past Breaches:
Unknown
Comments