IBM Loses Insurer's Data

IBM Corp. (NYSE: IBM) suffered a blow to its Enterprise On-Demand computing initiative Thursday when it was forced to notify Co-operators Life Insurance Co., one of Canada's largest insurance companies, that it had lost a hard drive containing the financial details of potentially as many as 180,000 clients.

Co-operators Life Insurance, which is based in Guelph, Ontario, was notified by IBMs Information Systems Management unit, a wholly owned subsidiary of IBM Canada Ltd. and part of IBM Global Services, on Jan. 23 that the hard drive was missing from a secure area at its premises in Regina, Saskatchewan.

IBM representatives did not return calls requesting comment. Kathy Bardswick, president and CEO of Co-operators, held a conference call with the media this morning to discuss the threat to its customers.

The missing data includes names, addresses, bank account details, beneficiaries, social insurance numbers, pension values, pre-authorized checking information, and mothers’ maiden names of Co-operators Life and Pension scheme customers. The company's automotive, home, farm, and commercial insurance customers have not been affected, Bardswick said.

The major concern here is identity theft -- when someone maxes out credit cards and runs up debts in someone else's name -- which is the largest white-collar crime in America today, according to the U.S. Federal Trade Commission (FTC). Last week the FTC announced that the number of identity theft complaints has doubled, to 160,000, in the past year."To date, we are working with the police and we have no reports of illegal activity... but it is possible for a sophisticated fraud ring to use the information for criminal purposes," Bardswick said. She added that Co-operators is doing everything it can to minimize the risks to its customers, but it would be up to customers personally to decide what action to take to prevent potential fraud. She suggested customers notify their banks to put a red flag on their credit file for transactions that occur that seem out of the ordinary.

An investigation with IBM’s ISM unit is underway to discover how the security breach happened. “We are reassessing our relationship with them,” Bardswick said, but would give no further comment on the size of the deal with IBM or how long Co-operators has been an IBM Global Services customer.

The theft of this data comes at a time when IBM is betting its future on its On-Demand computing strategy, which entails customers handing over the keys to their computing infrastructure to IBM (see IBM Scores $5B Deal With JP Morgan, IBM/Morgan Deal Shares the Wealth, and Deutsche Bank Hands IT to IBM).

Industry analysts say the question is not whether data loss or data theft will happen in an outsourcing arrangement, but rather whether it will happen more or less frequently than when companies manage their own data security.

"Many companies have thrown up their hands at data management, data protection, data security, and information systems in general, because they lack the kind of expertise that IBM delivers," says John McArthur, senior analyst with IDC