File Server With 970,000 Names Stolen From Insurance Giant

Insurance provider American International Group has confirmed the theft of a file server and other hardware that held the personal information of approximately 970,000 potential customers.

Company officials said an intruder entered one of its Midwest offices sometime after business hours in late March and walked off with a file server and other equipment, including several laptop computers, that held the data in question.

According to the firm, the break-in appeared to target the equipment itself and not the information residing on the machines.

There have been no identity thefts or fraudulent activities reported as a result of the break-in thus far, an AIG spokesperson said.

According to the company, the information stored on the stolen machines included the names and Social Security numbers of individuals who had requested insurance quotes from 690 individual brokers located throughout the United States.

Roughly 5 percent of the stolen files included information regarding people's medical records, AIG said.

While the computer theft occurred March 31, AIG spokespeople said the company delayed reporting the situation publicly as part of its efforts to help law enforcement officials track down those who committed the crime.

The company did not indicate whether anyone has been arrested as a result of those efforts.

Another reason for the delay, said AIG, was that the file server held more than 1 million pages of text that needed to be carefully examined to figure out exactly whose information might have been exposed.

AIG said it has already begun distributing warning letters to individuals whose information was involved in the theft, and it has also agreed to cover the costs of helping people restore their credit ratings if they are eventually victimized due to the data breach.

The insurance company has also set up a phone line and customer support center to help distribute information to people affected by the problem. [ was not able to determine how to contact that support center.]

The AIG data loss is just the latest in a long string of high-profile incidents in which well-known companies have mishandled customer information.

Most recently, the U.S. Department of Veterans Affairs admitted that it had exposed the personal information of up to 26.5 million veterans when a computer was taken from an employee's home.

Other recent breaches have been reported by a regional office of the YMCA and travel site

A new study from researchers at Gartner indicates that it is markedly less expensive for companies to invest in new security and encryption technologies than it is for them to respond to a data breach.

According to the analyst firm, businesses pay roughly $6 per year per user for encryption tools, or $16 per user per year for intrusion prevention software licenses, versus paying out an average of $90 per user to address problems after a breach has occurred.

Copyright © 2006 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.