This recent loss of data for 470,000 clients could lead to a lot of identities being stolen and used for opening up accounts by criminals. Corperations should be more careful, but they rarely are. CIBC is a repeat offender when it comes to exposing client personal data.
====================================================
Info missing on 470,000 Talvest fund clients -CIBC
Updated: 3:22 p.m. ET Jan 18, 2007
TORONTO – Canadian Imperial Bank of Commerce said Thursday that a backup computer file containing personal information on about 470,000 current and former clients of its Talvest Mutual Funds unit has gone missing.
Canada’s privacy commissioner, Jennifer Stoddart, said she was launching an investigation, and in a statement said she was “deeply troubled” by the incident and the number of customers affected. A Talvest hard drive disappeared and police are investigating, according to the statement from her office.
Stoddart said she has “reasonable grounds” to investigate whether the bank contravened the Personal Information Protection and Electronic Documents Act.
The commissioner’s office learned about the incident on Dec. 22, a spokeswoman said.
The missing file may have included client names, addresses, signatures, dates of birth, bank account numbers, beneficiary information or social insurance numbers, Talvest and CIBC Asset Management said in a press release. The information could conceivably be used in identity theft, but there are no signs the file has been accessed, the Talvest Web site said.
The incident happened just before Christmas while the backup file was in transit from Montreal to Toronto, CIBC spokesman Rob McLeod said. “When it arrived, the item was not in the box,” he said.
It is unclear whether the file was lost or stolen, and there is no evidence suggesting that customer details have been accessed, he said.
“We’ve been using all our normal security measures to monitor potential fraud, and we’ve seen no unusual activity. We’ve seen no inappropriate use of this information,” McLeod said.
CIBC is in the process of notifying all affected clients.
It suggests that affected Talvest clients regularly review activity in all of their financial accounts from their December statements onward, and advises them to immediately report any unauthorized activity.
The bank said it is working with police in Toronto and Montreal to investigate the incident and retrieve the file.
CIBC also said it would compensate any affected Talvest clients for monetary loss directly related to unauthorized access of personal information contained on the backup file, and would give clients a chance to enroll in a credit monitoring service at no cost.
It is not the first time an incident involving CIBC has raised privacy concerns.
In April 2005, the federal privacy commissioner rapped the bank for erroneously sending faxes containing customer information to a scrapyard operator in West Virginia. The faxes were sent between 2001 and 2004 from various bank branches. Attempts to stop the misdirected faxes were ineffective and CIBC did not notify customers until the issue became public, the commissioner concluded.
At the time, Privacy Commissioner Jennifer Stoddart urged other banks to assess their policies and privacy management practices, and address any shortcomings.
(c) Reuters 2007. All rights reserved. Republication or redistribution of Reuters content, including by caching, framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.
====================================================
Bookmark at:
StumbleUpon | Digg | Del.icio.us | Dzone | Newsvine | Spurl | Simpy | Furl | Reddit | Yahoo! MyWeb
