Some customers of the financial planning and investment company Sterne, Agee, & Leach received an ominous letter in the mail this week. Apparently, sometime between May 29th and May 30th of this year, a data breach occurred within the company that resulted in the loss of customers’ personally identifiable information, data that included names, addresses, account numbers, and Social Security numbers.
How did this breach happen? The old fashioned way. Someone took a laptop home from work and lost it. While Sterne Agee has been able to figure out that the laptop has not been used to access the servers at their company headquarters where the rest of their customers’ data is stored, the information that was made available to anyone who finds the laptop is out there in the open, all because the customers’ personal information was stored on the laptop itself. So far, they haven’t been able to determine whether or not the laptop has been turned on, or whether the files containing customers’ private information were opened.
So what went wrong? How could the customers have prevented this personal data breach? The simple answer is, they couldn’t have. Short of doing research before signing up with Sterne Agee and finding out their corporate policies on employees being allowed to bring laptops home from the office—or other files, for that matter—the customers couldn’t have prevented their personal information from being shared.
Since customers cannot sign up to invest or save money that will earn interest without providing their full tax identities for reporting purposes, this is one of those times when handing over the Social Security number was required in order to do business. Also, this wasn’t a malicious hacking event or cybercrime that could have been prevented through better technology. It was a simple circumstance that has happened to all of us at one time or another.
The problem here is the non-compliance with best practices. It’s astounding that in 2014 many businesses and corporations still don’t have full safeguards in place. First, the laptop really shouldn’t have left the office, which does admittedly defeat the whole purpose of it even being a laptop. If there is actually work that needs to be done outside of the office or business that needs to be conducted on a portable computer, then the laptop should have been encrypted and it should never, ever store customers’ information. The problem in this scenario wasn’t that an employee took a computer out of the building and then lost it; that could have happened to anyone. For that matter, the computer could have been stolen right off the employee’s desk by a thief. The real problem is that the computer stores private information in the first place.
Fortunately for its customers, Sterne Agee recognizes the full potential of what harm this one event can cause. The letters that customers received about the breach provided step by step instructions for what action to take to protect themselves in the (hopefully) unlikely event that whoever has the computer now realizes what a goldmine he’s sitting on. The first step is to sign up for the credit monitoring services that Sterne Agee has agreed to provide. That membership will give the customers copies of their credit reports, will cause an alert to be sent to the members if any suspicious activity occurs on their credit, covers the members with $1 million worth of insurance for issues that stem from this breach, and more.
The letter also points out that customers need to stay on top of their credit reports and request further copies over a period of time; the reporting agencies and their addresses are provided in the letter for consumers’ convenience. Finally, the letter suggests taking steps that the ITRC has supported for quite some time, which is to put a fraud alert or even a security freeze on their credit files, which will thwart attempts to open new lines of credit or accounts.
If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center's Anyone3 fundraising campaign. For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.