Data on 970,000 Stolen from AIG

Personal identifying information on 970,000 consumers was stolen from insurance giant American International Group (AIG) at an undisclosed office in the Midwest, USAToday.com reports.

AIG told USA Today that the break-in occurred March 31, and that it alerted police to the loss of a laptop computer and a file server with insurance applicants’ personal records. However, it has not alerted consumers about their vulnerability and plans to mail advisories by the end of this week.

“So far, we’re not aware of any misuse,” AIG spokesman Chris Winans told USA Today. “We didn’t want to inadvertently inform the thief that he had a computer with sensitive information on it.”

According to USA Today, the records originally came from 690 different insurance brokers in regard to group coverage for a type of supplemental medical insurance for catastrophic claims. Winans said the lost records include names and Social Security numbers.

Winans also told the paper that historically, AIG has told brokers that it doesn’t want data with names and Social Security numbers. Now it is telling them that sending that type of information is prohibited.

“We don’t need it, and we don’t want to be in possession of it,” Winans said.

It is likely that AIG will be criticized for waiting two and a half months to disclose the theft, especially after the U.S. Department of Veterans Affairs was heavily criticized for waiting three weeks to disclose its data loss on 26.5 million veterans.

Beth Givens, director of the nonprofit Privacy Rights Clearinghouse, told USA Today, “Obviously, they knew they were getting this kind of information from brokers, probably for years … but they didn’t do anything about it until they experienced this serious breach.”

For more information on data theft, read Data Theft at the VA and When the Dike Breaks: Responding to the Inevitable Data Breach.

Keep checking in at our Security Feed page, or subscribe via RSS, for updated news coverage.

Compiled by Paul Kerstein