DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NY: Stolen Pioneer bank laptop contained some customers’ data (updated)

Posted on March 2, 2015 by Dissent

Eric Anderson reports:

Pioneer Bank over the weekend alerted some of its customers that an employee’s laptop stolen Jan. 26 contained “secured personal information of certain customers, including names, social security numbers, street addresses, and account and debit card numbers.”

Letters were sent to those customers whose information “may have been on this laptop,” Pioneer said. Not all customers were affected, and Pioneer said it was “currently unaware of any misuse of any of the customer information relating to this incident.”

Read more on TimesUnion.

I wonder what they mean by “secured.”

Update: Larry Rulisun of the Times Union has more details on the theft in a follow-up report. As a commenter on this blog reports, the bank is telling customers who call that the data were “encrypted.”


Related:

  • Two more entities have folded after ransomware attacks
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Bitcoin holds steady as hackers drain over $40 million from CoinCDX, India's top exchange
  • Missouri Adopts New Data Breach Notice Law
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Multiple lawsuits filed against Doyon Ltd over April 2024 data breach and late notification
Category: Financial SectorTheftU.S.

Post navigation

← Who ‘owns’ an investigation into a security breach?
Nina Pham to sue hospital for negligence, invasion of privacy →

5 thoughts on “NY: Stolen Pioneer bank laptop contained some customers’ data (updated)”

  1. Deborah says:
    March 2, 2015 at 5:23 pm

    It took them over a month to let us know!!! They sent the notice by postal service. When you call, they say the info was all encrypted so no “security breach” occurred. I asked why they were supplying a free year of identity protection then? “Just in case you want it” was the response.

    1. Dissent says:
      March 3, 2015 at 1:51 pm

      They said it was encrypted? Thank you!

  2. Anonymous says:
    March 2, 2015 at 8:01 pm

    AS A PIONEER CUSTOMER I WOULD LIKE TO KNOW WHY IT TOOK THEM OVER A MONTH TO CONTACT US!!!

  3. Anonymous says:
    March 5, 2015 at 1:13 pm

    One month is actually quite a rapid response from any business. Most would try to cover this up.

  4. IA Eng says:
    March 10, 2015 at 11:45 am

    I hope when they say “the data was encrypted” means that the ENTIRE laptop was encrypted. An encrypted laptop will not even boot up without the proper password.

    So, if a computer boots up to a login prompt, all a thief has to do is to crack the user’s password. Once they have done that, the user usually has rights to modify and view files they were working on, so encryption at that point is pretty useless.

    People don’t get it. If you want security, pay the price. One of the SIMPLEST things in the world is a thumb drive that has a long password on it. If the wrong password is entered 10 times in a row, it self destructs, and no one gets anything. As long as employees are not lazy – this works like a charm. Have a corporate policy that states that circumventing security policies and procedures can get you fired, and things usually stay pretty straight and narrow. The company needs to physically handle and audit corporate devices every once in a while. It allows the IT folks to either do a check up on the box for patches, so simply slick the device and reinstall a new clean load, potentially wiping out anything that might be bad.

    They took a month to see if the crook who stole the laptop might try to sell it at a pawn shop, or if it would show up on Ebay or other markets. It takes TIME to do an investigation – these things don’t happen overnight. Crooks are smart. if they know the business they want to attack, they simply stalk an employee who occasionally handles laptops. They follow the employee from work to home and everywhere in between. if an opportunity presents itself, and the laptop remains in a vehicle for a few minutes unattended, all it takes is a busted in window and the laptop is gone. Again, people are lazy – Its a highly valued commodity – lock it up in your trunk if you have one.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report