"year's free identity protection"
which is worth er.... nothing atall really!!!
Insurance giant coughs to malware-related data breach
The US arm of insurance giant Aviva has blamed a computer virus infection for the potential disclosure of sensitive personal information. Aviva (Norwich Union, before a recent rebranding) admitted the breach in a letter to the Attorney General of New Hampshire, one of several states that maintain strict information security …
This topic is closed for new posts.
Any Breach Found is Only Tip of Iceberg
So somebody finds malware on a PC known for stealing information and for possessing some sophistication for multiple attack vectors and remote controls. Determining what damage has been done is a staggering challenge. I opined on it some in this blog post below:
PC Malware Driven Security Breach Disclosures—A Case of Worms http://www.securitynowblog.com/endpoint_security/pc-malware-costly-security-breach-disclosures
Cheers,
Eirik
Free for a year?
Is that it?
The thing about this type of information. Compared to Card info. is it has a usefulness for a long time.
You name doesnt (really) change
Your DOB doesnt change.
You may move house. But that sort of information can be obtained.
All these infos can be used to perform REAL ID theft.
(I dont class card fraud as ID theft)
The firm is offering a year's free identity protection...
>The firm is offering a year's free identity protection at no cost as a means of protecting its clients from potential harm.
http://www.aviva.co.uk/identity-theft-protection/
Call me a cynic, but I reckon they will be looking to make some easy money upon expiry of the "free" period by taking direct debit or credit card mandates from their victims up front.
"Affected hardware"
Oh, really?
I'm sure they meant "hardware that the affected Windows software was running on" there
Doesn't sound like a trojan to me
A 'password stealing trojan' would work on external client computers connecting to Aviva's service, but from within Aviva. Sounds like a much more mundane human error data security breach where personal information was unwittingly leaked.
Or even a key-logger device.
A trojan is just not logical here - I don't buy it, and Aviva is being very vague and cagey about the precise nature of the breach.
Paris? Her video is the earliest known data security breach in humankind.
This topic is closed for new posts.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - Risk and Resilience
The application availability gamble - Register Research on: Agile development - is it right for you
Reaping the benefits of modern software practice - The Register Guide to managing spam
A primer on the implications for enterprise IT - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - High Performance for All
Responding to the needs of compute-intensive workloads
