For the second time in as many months, New York Life Insurance is notifying customers of a data breach. In the newest incident, a laptop containing unencrypted customer information was stolen from an employee’s vehicle in a “smash and grab.”
In a somewhat unusual notification [pdf] to the New Hampshire Attorney General’s Office, NY Life Insurance Vice-President and General Counsel Brian O’Neill actually named the agent involved:
On July 29, 2009, Agent Peter J. Connolly of our New Jersey General Office notified us that his laptop computer was stolen from his car through a broken window on July 28, 2009. Contrary to New York Life’s security policy, Agent Connolly had not installed encryption software on his laptop. The laptop included the name, date of birth, Social Security number, policy number, and policy information of three New Hampshire residents. Agent Connolly informed us that he filed a police report with the South Orange Police Department in New Jersey.
Not only did the company name the agent in its notification to the state, but it also named the agent in its letter to those affected.
The notification to the state indicated that NY Life would be offering those affected free credit monitoring services, but the attached sample letter made no reference to any such offer.