The private details of 13,000 ING US Financial Services clients were on a laptop stolen from the home of a company employee. The company was affected by a similar incident last December. In both cases the data on the stolen equipment was unencrypted, though ING has stated it is changing this aspect of its IT security policy. According to experts at InfoWatch, action should have been taken before the first incident.
Social Security numbers and other personal data on 13,000 District of Columbia workers and retirees were stolen along with a laptop computer from the home of a ING US Financial Services employee, Market Watch reports. The company, a subsidiary of Dutch firm ING Groep N.V., manages the District's retirement plan.
The theft occurred over two weeks ago, but ING took several days to confirm the details of the crime and ascertain what information was stored on the laptop, an ING spokeswoman said. The company is mailing letters to the workers and retirees whose personal data was stored on the computer, and will pay for a year of credit monitoring and identity-theft protection. None of the information on the stolen laptop was encrypted.
This is not the first time that ING has lost a laptop computer containing confidential data. Last December a laptop was stolen that contained unencrypted data on 8,500 hospital workers. Following the latest incident an ING spokeswoman said that putting unencrypted data on laptop computers "is not the ING standard." She added that the company was “aggressively moving forward” with a policy that will see all data on laptops being encrypted and password-protected.
“I wonder how many more times ING has to suffer the effects of a data leak before it finally introduces a proper IT security policy and sticks to it? It may well be the case that the company really is in the process of introducing a policy, but the statements to that effect could just be the same kind of excuses we have already heard from the firm several times before. The risks of confidential and private data leaking out are very high and ING will learn for a second time just how expensive a breach can be. So, why put up with those risks when there are perfectly reliable ways of controlling them?” asks Denis Zenkin, marketing director at InfoWatch.
Source: Market Watch
