TransUnion will review its data handling processes after loss of desktop system with information on more than 3,600 consumers
With federal legislators mulling over options for fighting identify theft and fraud, TransUnion LLC, one of three companies that maintain consumer credit histories, provided the latest scare Wednesday, revealing that a password-protected PC containing personal credit information on more than 3,600 consumers was stolen from a regional sales office in California last month.
TransUnion's disclosure follows a string of compromised data incidents that have hit companies such as Bank of America, CardSystems Solutions Inc., ChoicePoint Inc., Citigroup, and HSBC North America, as well as numerous universities.
Upon learning of the theft, TransUnion promptly sent notices to 3,623 consumers last month alerting them to the breach and offering complimentary monitoring of credit reports for a year. The Chicago-based company also notified local law enforcement, and launched an internal investigation into the incident. The focus of that internal investigation is to find out why the information was stored on a far-flung PC rather than on TransUnion's secure network, says a company spokesman.
The spokesman says TransUnion also will take a close look at its internal security and data-handling processes. Initial indications are that the burglary was centered on the computer itself, not the data within it. While a portion of the information was encrypted, "some data may have been stored in a back-up file on an unencrypted portion of the computer's hard drive," the spokesman said in an E-mail.
The TransUnion breach comes less than a week after Microsoft chief counsel Brad Smith told the Congressional Internet Caucus that the software giant supports comprehensive legislation to tackle data privacy issues at the federal level. Smith suggested a four-part piece of legislation that would mandate baseline standards, more transparent data collection practices, individual control over use and disclosure of personal information, and minimal security requirements around storage of sensitive consumer data.
TransUnion and its two rivals in the consumer credit-history market, Equifax and Experian, said in September that they would work together on development of an encryption standard they would all use to protect consumer data as it's moved between information providers and within the companies themselves. Last month, TransUnion made its fraud and identity management products available for mortgage lenders to integrate into their loan origination and underwriting systems.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.