State Street Suffers Data Theft
New England financial firm is the latest company to suffer a data breach
May 31, 2008
Just a week after The Bank of New York Mellon hit the headlines over a lost backup tape, financial firm State Street confirmed the theft of a disk, which may contain the personal details of more than 45,000 people.
The Boston firm confirmed yesterday that the disk was stolen from an unnamed vendor providing "legal support services." In a statement on its Website, State Street explained that the disk contained information on employees and customers of Investors Financial Services, which it acquired for $4.2 billion last year.
State Street deeply regrets any concerns or inconvenience this issue has caused the customers or employees that joined State Street as a result of the acquisition,” the statement reads, adding that the company has been working with law enforcement authorities to locate the stolen disk.
Some 5,500 employees and 40,000 customers of Investors Financial Services could now be at risk of identity theft, according to The Boston Globe, although State Street downplayed this possibility.
“There is no evidence to date to suggest that the data has been misused,” the State Street statement said. “As a precaution, State Street is notifying legacy [Investors Financial Services] employees and certain legacy customers whose personal data was on the stolen equipment – this notification process is expected to be completed shortly.”State Street did not respond to Byte and Switch’s requests for comment, although The Boston Globe reports that the initial information sent over to the third-party vendor was encrypted. The legal support specialist then decrypted this data and stored it on a hard drive that was subsequently stolen, according to the report.
The drive, which contained names, addresses, and, in some cases, Social Security numbers, was apparently stolen in December and reported to State Street the following month. The financial firm did not disclose the theft until yesterday because it took months to determine who was affected, according to the Globe.
Another northeastern company attempting to resolve a major storage snafu is the Bank of New York Mellon, which recently confirmed the loss of a backup tape potentially containing information on some 4.5 million customers.
The missing tape fiasco first hit the headlines last week, when Connecticut Attorney General and privacy advocate Richard Blumenthal blasted the Bank, citing the potential impact on hundreds of thousands of Connecticut residents.
The unencrypted backup tape was one of 10 tapes given to records management specialist Archive Systems for transportation to a storage facility on February 27, he explained, although only nine tapes made it to the storage site.”This security breach seems highly dangerous, indeed possibly devastating in light of the identity theft threat,” he said in a statement last week, and urged the Bank to offer extensive and free credit monitoring and identity theft protection to affected customers.
The Bank finally complied with this demand earlier today, although executives played down the potential for large-scale identity theft in a statement.
“Although there is no indication that the data on these tapes has been misused, we are working with our clients to notify individuals who may be affected and offering two years of comprehensive fraud protection,” said Todd Gibbons, the bank’s chief risk officer.
The Connecticut Attorney General welcomed this move in a separate statement today, but he also urged the bank to provide more information about what happened.
“We have demanded [that] Bank of New York Mellon give a complete, comprehensive account of this data breach,” said Blumenthal. “The bank must explain to consumers how it lost their information, why it took so long to inform them and law enforcement, and how it will prevent future breaches.”Archive Systems refused to comment on the breach when contacted by Byte and Switch, citing “client confidentiality agreements.”
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Byte and Switch's editors directly, send us a message.
Archive Systems Inc.
You May Also Like