Thieves have stolen computer equipment containing the private records of 930,000 clients from the offices of U.S. insurance firm AIG. The insurer is now attempting to notify all those affected by the data breach and is setting up a call center to respond to any questions. According to the InfoWatch analytical center, the data leak is likely to cost AIG at least a few million dollars.
American International Group (AIG), one of the world’s largest insurance firms, has announced the loss of private data belonging to 930,000 clients after the theft of computer equipment from the company’s offices. An AIG spokesman said the criminals most probably targeted the expensive equipment rather than the personal data. However, it will be difficult to convince those affected of that. It is known that on March 31 a laptop, a camera, and computer equipment were stolen from the company offices, which is why it has been suggested the data was not the thieves’ priority. All 930,000 are thought to be employees of companies who have sought quotes on corporate health insurance policies.
It has been reported that the information was stored on a server that was only protected by a password. Therefore, there is very little stopping the thieves from selling the stolen data over the Internet if they want to. There is, after all, something worth selling. Names, Social Security numbers and medical details were all on the stolen equipment. The data had been gathered by 690 insurance brokers dealing with corporate health insurance policies across the U.S.
The AIG spokesman said the company has a copy of the stolen information and has been trying since the break-in to contact those affected. Letters to the 930,000 are expected to go out in the next week. AIG also plans to open a phone center to respond to their questions.
“Databases containing private records ought to be encrypted. That is the most effective safeguard against unauthorized access, which includes the physical removal of data along with a storage device. Any finance company will tell you that. However, the IT security policy at AIG did not take that into consideration. Now the company will have to spend millions clearing up the aftermath of the data breach,” points out Denis Zenkin, marketing director at InfoWatch.
Source: news.com