48K client details stolen from laptop due to employee negligence

U.S. firm Mercantile Bankshares has lost a laptop computer with the private details of 48,000 clients. The thieves now have access to thousands of Social Security and bank account numbers. The theft was made possible after an employee violated Mercantile policy by removing the laptop from the company offices. According to experts at InfoWatch, even though there were administrative restrictions, the information on the stolen computer should have been encrypted.

Mercantile Bankshares has announced the loss of one of its laptops which contained the private details of over 48,000 clients. The portable computer was stolen from an employee of subsidiary company Mercantile Potomac Bank in North Virginia.

Mercantile Potomac Bank has started notifying all those affected by the theft. The bank was quick to stress that the incident was most probably a random act and the customer details were not specifically targeted. In any case, the laptop contained Social Security and bank account numbers, as well as clients’ personal details. It has been made clear that the stolen laptop did not contain any customer passwords, PIN numbers or account expiration dates.

There is currently no evidence to suggest that the stolen information has been used to commit identity theft. The bank nonetheless informed the law enforcement agencies and regulatory bodies about the incident.

The employee responsible for the leak of confidential information violated company IT security policy by removing the computer from the bank premises. Although such a policy restricts the possible uses of a laptop, it does enable a company to reduce the number of thefts.

Mercantile has offered the affected account holders free credit monitoring services for one year and asked them to double-check their bank statements. The bank will also be putting its own monitoring procedures in place to check the accounts of those affected by the theft.

Representatives of Baltimore-based Mercantile Bankshares have already expressed their regret over the incident. They added that the bank will be reviewing the internal controls at its 238 offices in order to prevent similar thefts in future.

“Administrative controls really do help to reduce the threat of confidential data leaks. For instance, some companies simply don’t connect a number of computers to the Internet, or ban the use of things like P2P. However, incidents still occur. More often than not, employees simply violate the restrictions stated in the security policy, which is what happened at Mercantile. To prevent such incidents being repeated in the future, the company will have to encrypt all the private data on its laptops. This is the most widespread and effective method, and it should have been in use at Mercantile long ago,” says Denis Zenkin, marketing director at InfoWatch.

Source: Baltimore Business Journal
