Insurer alerts customers to data theft

Credit card customers were not notified when the largest single case of online theft of credit information occurred in January. Eight million credit card numbers were stolen when someone hacked into Data Processors International Inc. (DPI), which processes credit card transactions for direct marketing and mail-order catalogue companies. The company in Omaha, Neb., defended itself by saying the culprits may not have obtained any useful information. At press time it remained unclear if any usable data was compromised.

Neither DPI nor the credit card companies – MasterCard, Visa, American Express and Discover Card – have disclosed any information about the thefts on their consumer Web sites.

In contrast, when a hard drive that went missing from ISM Canada Inc. in January, contained the personal information of millions of Canadians, Guelph, Ont.-based Co-operators Life Insurance Co. had no way of knowing whether the disk drive data would be used by identity thieves. However, company officials felt the risk alone to about 176,000 of the company’s insurance policies required them to notify the customers whose data was taken. Co-operators set up a call centre and sent letters to customers with advice on actions they could take to protect themselves, such as notifying credit reporting agencies of the theft and monitoring their bank and credit card statements.

“There’s no legal obligation for us to do it,” said spokeswoman Dominique O’Rourke. “We just felt our customers had the right to know and should take steps to protect themselves.”

“While The Co-operators has always employed stringent security measures to ensure that client data is secure, today’s high-tech environment means that companies need to do even more,” reads a news item on the company’s Web site. “To this end, The Co-operators is exploring ways to further enhance its security processes to minimize the risk of a similar occurrence in the future.”

Neither Canada nor the U.S. requires companies to notify customers of data thefts. But a California law that takes effect in July will require companies to notify customers in that state if their personal data has been compromised.

Personal customer account information of Winnipeg-based Investors Group Inc. and other businesses was also on the ISM hard drive which was recovered with reportedly no evidence that the information contained on the disk was used maliciously.

Investors Group also notified its customers by letter and has said to have terminated their dealings with ISM until the company can prove the data it handles is secure.

The security breach has shed a negative light on outsourcing options, but IDC Canada’s Dan McLean, director of utility research and IT outsourcing, assures that one incident does not reflect the state of all outsourcing services. “Personally, I think it is a real stretch to make the conclusion that outsourcing puts you at more of a risk than keeping IT in house,” he said.

— with files from Lucas Mearian and Patrick Thibodeau, Computerworld (U.S.), and Carly Suppa

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now