Computer hardware has gone missing from the New York office of insurance firm CS Stars, compromising the personal records of over half a million employees. According to experts at InfoWatch, the company could have prevented a leak by encrypting the data, reducing the damage from the theft to the cost of the hardware alone.
The names, addresses and Social Security numbers of 540,000 workers from the state of New York were stolen along with a computer from an office of CS Stars. State officials and representatives of the insurance firm made the announcement on July 24. By July 26, state officials revealed that the stolen personal computer had been recovered.
CS Stars is a Chicago-based independent insurance brokerage. Most of the affected workers are New Yorkers from across the state who are in two special funds of the workers' compensation system. One group is workers who have a second injury and another is workers who have a past injury that creates new problems. All those individuals now face the threat of identity theft.
The stolen computer belonged to the state authorities and had been passed on to the contractor CS Stars. The insurance firm had been using the computer to move the data from the state to the company's computerized claim system. Letters have been sent to all those affected informing them that their personal data has been compromised. The victims will receive one year of free credit monitoring services.
The FBI and the company that was in possession of the state-owned personal computer would not say how or where it was found, only that it was in "a secure location." However, nobody appears to know where the computer was until it was recovered.
“Of course, nobody is safe from things like burglaries and the physical theft of computers. However, it is possible to reduce the cost of such incidents to that of the stolen equipment only. It is necessary to take measures to protect confidential information from unauthorized access using, for instance, encryption. Moreover, the theft of computer hardware should be viewed just like any other IT security threat and should be reflected in the corporate security policy,” says Denis Zenkin, marketing director at InfoWatch.
Source: Chron.com, Newsday.com