New Yorkers’ Personal Information Exposed by Brokerage Firm

April 30, 2007

A company that lost track of a computer containing the personal information of 540,000 New Yorkers but didn’t tell the state about it for five weeks has agreed to promptly notify people if security is breached again, Attorney General Andrew Cuomo said Thursday.

CS Stars, an independent insurance brokerage, will also put new precautions in place to safeguard consumer information and pay the state $60,000 in costs for its investigation.

The computer went missing May 9, 2006 from one of the Chicago company’s secured facilities. Most of the workers whose information was contained on the computer are New Yorkers in two special funds of the workers’ compensation system. CS Stars was using the computer to move the data – including names, addresses and Social Security numbers – from the state to the company’s computerized claim system.

It wasn’t until June 29 that the company notified the state and called in the FBI. The FBI asked that no consumers be notified immediately because doing so would impede its investigation, Cuomo said.

Consumers were notified starting July 18 and the computer was located July 25. Investigators determined that the information had not been accessed.

The company offered the affected workers identity theft insurance, 12 months to get free credit reports and access to fraud resolution specialists.

Identity theft is considered one of the country’s fastest growing white-collar crimes. A survey in 2006 reported that there have been more than 28 million new identity theft victims since 2003, but experts say many incidents go undetected or unreported.

Under New York’s Information Security Breach and Notification Law, any business that maintains personal information that it doesn’t own must notify the data’s owner of any security breach “immediately following discovery” and all affected consumers in the most “expedient time possible.” The attorney general’s office, Consumer Protection Board, and state office of Cyber Security also must be notified.

CS Stars admitted no violation of any laws, agreed to the notification policy and said it would beef up security.

NYS Information Security Breach and Notification Act: http://www.oag.state.ny.us/consumer/tips/id_theft_law.html


Latest Comments

  • May 1, 2007 at 6:44 am
    CSS = an MMC company says:
    the article references them as an independent PC agency; this from their web site: ABOUT CS STARS CS STARS serves the technology needs of risk management professionals, as wel... read more
  • April 30, 2007 at 6:45 am
    Judy says:
    I was one of the people who received a letter from CS Stars. The contact letter was so "questionable" that I was reluctant to respond, and every person I spoke to about it ... read more
  • April 30, 2007 at 1:35 am
    Delay? says:
    Wonder why the delay? When there was a melt down at Chernobyl, no one was notified either. Sure glad they didn't violate any laws or feel responsible for the loss of informat... read more
