[Dataloss] Aetna Loses Laptop Containing Customer Data

[security curmudgeon]

Following up on Chris Walsh's post from April 27, more information 
courtesy of WK and ISN:


---------- Forwarded message ----------

http://www.consumeraffairs.com/news04/2006/05/aetna_laptop.html

By Martin H. Bosworth
ConsumerAffairs.Com
May 1, 2006

An employee of health insurance giant Aetna lost a laptop containing data 
on 38,000 customers, the company said.

The information included names, addresses, and Social Security numbers, 
but no financial information. The individuals were employees of companies 
who bought group health coverage from Aetna. The companies asked not to be 
identified.

Aetna spokesperson Cynthia Michener declined to verify where the theft 
took place, or if any of the information had been used.

In a subsequent statement, Aetna CEO Ronald Michener claimed the laptop 
had been secured with "strong password protection," and that the employee 
responsible "did not follow corporate policies."

"We have offered to pay for credit monitoring services for our affected 
members to help prevent any potential misuse of the information, and we 
are contacting each affected individual directly with information on how 
to access this service," Michener said.

The Aetna CEO also claimed that the company would be augmenting its data 
security structure to ensure all their employees followed proper procedure 
in the future.

Michener also said that Aetna was contacting all affected individuals, and 
would be offering them free credit monitoring for an unspecified period of 
time, to ensure they were protected from possible fraud or identity theft.

The theft or loss of laptops has been the latest trend in data breaches, 
with over 500,000 individuals potentially affected as a result of laptops 
being stolen or misplaced in the last six months. Companies affected have 
included Hewlett-Packard, Verizon, Ameriprise, and Ford.

[..]