John Hancock Breaches

New reports of data breaches

Thousands are left at risk in Mass.

By Gal Tziperman Lotan and Todd Wallack, Globe Correspondent | Globe Staff  |  March 13, 2010

A number of companies, including Boston insurance giant John Hancock Financial Services, have in recent months reported stolen laptops and other breaches of data security, potentially exposing personal information about thousands of Massachusetts residents.

A Woburn company said its computer systems have been hacked, a Burlington tech company reported a laptop was stolen, and Hancock reported that a CD with customers’ personal information was lost.

In November, the state reported that credit card numbers, medical records, or other personal information from nearly 1 million Massachusetts residents was stolen or exposed from 2007 through late 2009. Since that time, the state has been notified of at least six data breaches that each potentially affected more than 1,000 residents.

On March 1, the state enacted new regulations requiring companies to encrypt personal data stored on laptops or sent over the Internet, so the information would be useless to thieves if it was lost or stolen. “We’re never going to see 100 percent’’ compliance, said Barbara Anthony, the undersecretary of the state’s Office of Consumer Affairs and Business Regulation. “But I am very optimistic that most companies will try to comply.’’

Anthony predicted the number of worrisome data breaches would decline as companies and regulators take more steps to safeguard personal data.

Hancock, owned by Toronto insurer Manulife Financial, reported that a partner could not locate a CD containing customer information, including names, dates of birth, and Social Security numbers of 1,085 Massachusetts residents.

The company said the CD was password-protected and encrypted, but they offered credit monitoring to customers whose information may have been compromised.

At Lincoln National Corp., an investment and insurance company based near Philadelphia, regulators warned the company last August that a leaked user name and password may have exposed the company’s computer system to hackers. Lincoln’s system, which is used by two subsidiaries, contained records of 1.2 million customers, including 34,600 Massachusetts residents, according to the company.

Jeff VanPelt, a spokesman for Lincoln National, said the company hasn’t  found any evidence that the information has been misused, but couldn’t rule out the possibility.

Beer & Wine Hobby, a Woburn company that sells equipment over the Internet to make beer and wine, told the state last month that it learned its computer system may have been breached in 2009. The company estimated personal information was exposed for 35,000 customers, including partial credit numbers for 12,000 customers, nearly 10 percent of whom live in Massachusetts.

Nuance Communications Inc., a Burlington speech technology company, reported a laptop stolen from a locked car in Burlington may have contained personal information such as names and Social Security numbers of 1,191 Massachusetts residents.

Richard Mack, vice president of corporate communications at Nuance, said the company notified its employees, installed security and encryption software on laptops, and purchased credit monitoring services for those workers whose information was on the laptop. To his knowledge, Mack said, the personal data had not been accessed.

Beecher Carlson Holdings Inc., an insurance broker in Atlanta, said two laptops were stolen from employees attending an off-site company meeting in January. The laptops contained names and Social Security numbers for employees of Beecher Carlson’s clients, including 1,012 people who live in Massachusetts.

P.F. Chang’s China Bistro Inc., a restaurant chain based in Scottsdale, Ariz., reported the theft of “electronic equipment’’ that may have contained personal data for 1,823 current and former employees who live in Massachusetts.

Download Article

Tweet This Post