In the big scheme of things, it may be small breach report. But the difference between what Ameriprise Financial told the state attorney general and what they told the client caught my eye.
In a notification letter to the New Hampshire Attorney General’s Office, Ameriprise Financial Services informed the state that they had had a data breach incident involving “the theft of information ….”
Yet in the letter to the individual(s) affected, they write, “Your REIT application was lost by an express mailing vendor en route to the REIT transfer agent.”
So which was it? Lost or stolen? Hopefully, the letter to the individual(s) was the more accurate description, as I might react differently to hearing my data had been stolen as opposed to lost.
Ameriprise Financial is certainly not the only firm to have seeming discrepancies between what they report in their cover correspondence to a state attorney general’s office and what they report to those affected. It does make it difficult to code reports for data analyses, however.
Possibly related posts:
http://searchfinancialsecurity.techtarget.com/tip/0,289483,sid185_gci1393703,00.html
http://holisticinfosec.blogspot.com/search?q=ameriprise
Cheers.