Toronto, Canada (PressExposure) September 30, 2008 -- A laptop containing personal information on the majority of National Bank's mortgage clients has been stolen from its offices, demonstrating that Canadian banks are as fallible as any other organization while presenting the added risk of losing large amounts of financial and personally identifiable information. The privacy of customer information is protected by Canadian law; unfortunately, numerous companies still fail to adopt secure practices.
Claudiu Popa is a recognized security expert and Informatica's president, a trusted corporate advisor on matters of compliance, privacy and security: "As a leader in security awareness and consulting, we welcome high profile cases like this for the sole reason that we have a mandate to educate executives as well as the Canadian public. This is an excellent time for this organization and others to adopt better security practices."
The following six failures contributed to the security breach that threatens to victimize the firm's mortgage clients:
1. The laptop was stolen from an insecure office, indicating a lack of physical office security.
2. If the company's policies included anti-theft devices for mobile computers, they were not being enforced.
3. The laptop contained a large database of personally identifiable and financial data on numerous clients, which should never leave the office servers. Instead, such data should be accessed over the network or remotely, one record at a time.
4. A password was reportedly used to "protect" the computer. Without strong encryption, such a basic measure is entirely inadequate for the protection of corporate and private information.
5. The data within the database linked client names to their mortgage data, unfortunately identifying their financial details in the process. Companies should not aggregate such information but instead spread it across a number of databases to protect against unauthorized disclosure.
6. The amount of information about the breach may be inadequate for potential victims. Both the public and the firm's customers need to understand, by example, that by correlating this information with other data, practically any type of fraud could be committed.
Mr. Popa added: "The company's insistence that the impact of the security breach will be minimal and that the information was basic is unfortunate, but given that Canadian law does not currently require the disclosure of such breaches, clients should consider themselves lucky to have been notified and should remain vigilant about their financial affairs for years to come". Canada's planned adoption of breach notification standards has been delayed for years, but its future adoption is considered by many as a significant benefit to Canadian customers.
About Informatica Security Corporation
Informatica Security and Privacy is a leading information risk management consulting firm focused on providing unmatched expertise to enable client organizations to control and mitigate information security risks, meet compliance challenges, alleviate the effects of wrongsourcing and adopt proven standards and best practices for exceptional governance. The firm's FlexSecure™ risk assessments and professional audits, FlexProtect™ security management, STORM™ (Scalable Techniques for Operational Risk Management) and WorkLife™ Enterprise Risk Education solutions are proven best-of-breed solutions that scale to meet the business and compliance requirements of diverse industries.
Informatica Security and Privacy, Informatica Education, Informatica Research, the Informatica logo, FlexSecure™, FlexProtect™ and WorkLife™, VirtualCSO™ and VirtualCPO™ are trademarks or service marks of Informatica Corporation. All Informatica white papers, proprietary research, Web site content, presentations, communications, policies and Informatica-branded documentation are Copyright © Informatica Corporation and permission must be specifically granted for use by any party. All other brands or product names are trademarks of their respective companies, organizations or standards bodies.