THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

State Street: Data stolen from vendor

Email|Print|Single Page| Text size + By Ross Kerber
Globe Staff / May 30, 2008

State Street Corp. said yesterday that a disk drive containing personal details from 5,500 employees and 40,000 customer accounts was stolen from the office of another firm hired for data analysis.

The incident could leave individuals open to identity theft and is the latest example to show how financial companies can be vulnerable to the physical loss of devices storing information, no matter how strong their online safeguards.

State Street is offering free credit monitoring services for two years to people whose data were compromised, in line with other banks in similar situations. A spokeswoman for State Street of Boston, the world's largest institutional asset manager, said the compromised information was among a batch of data sent to the analysis firm, which she declined to identify except to say it was in the United States.

At the time of the transfer, the data were encrypted, making it much more difficult to misuse. But the firm had unencrypted the information for its work and stored it on the hard drive that was then stolen, said spokeswoman Carolyn Cichon.

Lost details included individuals' names, addresses, dates of birth, and, in some cases, Social Security numbers. To date, there is no evidence the information has been misused, State Street said.

The theft was reported to federal authorities, Cichon said, and to local ones the company declined to identify. Although the theft occurred in December and was reported to State Street in January, State Street didn't disclose the breach publicly or to individuals until yesterday because it took months to determine who was affected, she said.

Financial services companies tend to spend more on security than do other industries because of the sensitivity of the information they handle. But State Street's report follows another last week that showed how large banks can be vulnerable to physical losses, no matter how strong their precautions like the firewalls around their data networks.

Since last week, Connecticut officials, including Attorney General Richard Blumenthal, have described how a storage company working for Bank of New York Mellon lost unencrypted backup storage tapes containing the Social Security numbers and account data for as many as 4.5 million customers.

In the State Street case, the vendor had been hired to review records following State Street's purchase of cross-town financial services rival Investors Financial Services Corp. for $4.5 billion in 2007. Lost on the hard drive were details on 5,500 people who worked for Investors Financial at the time and on 40,000 accounts held by individuals whose pension plans or assets Investors Financial had managed.

State Street said it had begun sending notices to these individuals and set up a section of its website, statestreet.com, with more details for those affected.

Ross Kerber can be reached at kerber@globe.com.

© Copyright 2008 Globe Newspaper Company.

more stories like this

  • Email
  • Email
  • Print
  • Print
  • Single page
  • Single page
  • Reprints
  • Reprints
  • Share
  • Share
  • Comment
  • Comment
 
  • Share on DiggShare on Digg
  • Tag with Del.icio.us Save this article
  • powered by Del.icio.us
Your Name Your e-mail address (for return address purposes) E-mail address of recipients (separate multiple addresses with commas) Name and both e-mail fields are required.
Message (optional)
Disclaimer: Boston.com does not share this information or keep it permanently, as it is for the sole purpose of sending this one time e-mail.