OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Lincoln National Discloses Breach Of 1.2 Million Customers (fwd)

From: lyger (lygerattrition.org)
Date: Fri Jan 15 2010 - 09:51:12 CST


---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>
Date: Fri, 15 Jan 2010 09:38:03 -0600 (CST)

http://www.darkreading.com/vulnerability_management/security/privacy/showArticle.jhtml?articleID=222301034

By Tim Wilson
DarkReading
Jan 14, 2010

Lincoln National Corp. (LNC) last week disclosed a security
vulnerability in its portfolio information system that could have
compromised the account data of approximately 1.2 million customers.

In a disclosure letter (PDF) sent to the attorney general of New
Hampshire Jan. 4, attorneys for the financial services firm revealed
that a breach of the Lincoln portfolio information system had been
reported to the Financial Industry Regulatory Authority (FINRA) by an
unidentified source last August. The company was planning to issue
notification to the affected customers on Jan. 6, the letter says.

The letter does not give technical details about the breach, but it
indicates the unidentified source sent FINRA a username and password to
the portfolio management system.

"This username and password had been shared among certain employees of
[Lincoln Financial Services] and employees of affiliated companies," the
letter says. "The sharing of usernames and passwords is not permitted
under the LNC security policy."

FINRA declined to tell Lincoln whether the source of the username and
password was a current employee or some other party, according to the
letter.

[...]

________________________________________
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News
http://www.infosecnews.org
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php