Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

TransUnion notifies consumers of data loss

A burglar stole a desktop computer containing sensitive data

November 9, 2005 12:00 PM ET

Computerworld - TransUnion LLC, one of the three major credit reporting companies in the U.S., today confirmed that a desktop computer containing the Social Security numbers and other sensitive information belonging to more than 3,600 consumers was stolen from one of its facilities in October.
The theft prompted the company to notify them of the breach on Oct. 21 and offer free credit monitoring services for a year.
In a statement, TransUnion said that a "small" TransUnion sales office in California was burglarized in early October. "One of the items stolen during the incident was a password-protected desktop computer, which may have contained some personal [credit] information on approximately 3,600 consumers," the company said.
TransUnion notified local law enforcement authorities of the break-in and has assembled its own team to investigate the incident.
Since then, the credit reporting agency has been monitoring the credit reports of the affected consumers. "At this point, we do not believe there is any indication of any fraudulent activity," it said.
However, the implications of the reported breach could go beyond the customers whose data was stolen if information stored on the missing desktop enables access to databases holding information on other consumers, said Prat Moghe, CEO of Tizor Systems Inc., a Maynard, Mass.-based vendor of activity auditing tools.
TransUnion, along with Experian North America Inc. and Equifax Credit Information Services Inc., maintains credit histories on U.S. consumers that are used by lenders and other businesses for a variety of purposes.
The TransUnion breach is the latest in a series of high-profile data compromises this year involving companies such as ChoicePoint Inc., Bank of America Corp., DSW Inc., Reed Elsevier Inc.'s LexisNexis unit, Card Systems Inc. and several universities.
The rash of disclosures has raised consumer concerns about identity theft and prompted federal lawmakers to propose several new regulations.
Just last week, for instance. a subcommittee of the House Energy and Commerce Committee approved a bill that would require companies to notify consumers when their information is stolen. It would also require information brokers to tell the Federal Trade Commission about their plans for safeguarding private data for monitoring and periodic review.
If approved, the bill would override state laws such as California's much-touted SB 1386 Database Breach Notification Act and would serve as a national breach notification law. The proposed measure, however, requires companies to inform consumers of data breaches only if there is a "significant risk" of fraud.
That clause could provide a big loophole for companies and possibly result in incidents such as theone involving TransUnion to go unreported in the future, warned Alan Paller, director of the SANS Institute, a security research and training firm in Bethesda, Md.
"I believe that 98% of the time companies are not going to disclose breaches" if the law goes into effect, Paller said. "Only 2% are going to be good citizens and report breaches" even if there is nothing to suggest imminent fraud, he added.



Jump to comments

Security

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...