Laptops Stolen from Towers Perrin Contain Retirement Data
Posted on Jan 8, 2007 by Tom Fragala
Wall Street Journal has the story.
Five laptops containing data about tens of thousands of retirement-plan participants at multiple companies were reported stolen by benefits consulting giant Towers Perrin last month. Towers Perrin reported the laptops missing on Dec. 7, and New York City police made an arrest on Dec. 28, but the computers haven't been recovered.
Things are heating up in the comments below...
Update: perhaps Towers Perrin (and others) would benefit by reading my article Top 10 Ways to Protect Yourself from Laptop Theft. Hey folks, feel free to distribute this to all of your employees (just attribute the article to Truston with a link to www.mytruston.com).
Update 2: This article talks about victims of this Towers Perrin screw-up and the uselessness of the free credit monitoring everyone is being offered.
Update 3: Random House employees were also among those affected. See more here including text of the letter RH employees received.
Filed under: Data Breach, Identity Theft
Tags: data theft, laptops, security breach, theft



Comments
Alfred E Newman on Jan 14, 2007
I am an employee of one of the companies whose employee information resided on the stolen laptops in question. What I want to know is if the laptops were stolen in January 2006, why was I not notified until January 2006 of the problem and what I should do to protect my credit. The notice I received indicated that authorities did not want to alert anyone as it would impede their investigation. What a bunch of crap! The laptops were reportedly stolen from Towers Perrin offices in NY. My theory is that an employee took their laptop home, worked from their "home office," and the laptop was probably stolen by one of their kids' friends and sold for drugs or some other reason. To top it all off, Towers Perrin is still providing services for my employer/employees and no one has been fired at either Towers Perrin or my employer. I want our CIO's head on a platter!
-------------------------------------------
Well, the reason you weren't notified is what you said was in the letter. I'm not saying it's right, but it is a loophole in the law I believe.
If you feel aggrieved, I recommend contacting your HR dept and asking if they or Towers will pay for credit monitoring and ID theft insurance. Or the easiest thing to do is use our free credit inspecting service at http://go.mytruston.com. You could also seek legal counsel and look at a lawsuit.
Tom
Truston
ITHINK PRUSUCKS on Jan 19, 2007
My former employer just notified me of this computer theft with a short, brief letter. It is hard to believe that Towers Perrin did not encrypt this personal information.
My former employer evidently is not taking this matter too seriously, hell, Art Ryan's personal info wasn't stolen, so why care about ex-employees (and some current workers). I hope T-P has a good liability policy.
Signed,
Not too happy
Towers Perrin on Jan 20, 2007
I'm a current associate of one of the companies whose data was on the stolen laptops. I received a letter from Towers on 1/19/07 advising me that my personal data was on one of the stolen laptops. Towers did offer free Credit Reporting for one year, but further down the letter I was advised that I may consider placing a fraud alert on my credit files, and they provided me with the addresses of the credit reporting agencies. This got my blood boiling, considering this is a step they should have taken on their own. I shouldn't have to clean up their mistakes or mess. It's pathetic and their handling of the situation is insulting to those impacted by the breach.
---------------------------------------------------
They can't place a fraud alert for you without power of attorney. And I would not trust them with that myself. A free year of credit monitoring is NOT a fair and reasonable reaction.
--Tom
Truston
Laurie on Jan 22, 2007
I too, am affected by the stolen laptops. I am so angry that I have to deal with this because of someone else's mistake. I take a lot of care in protecting my personal information and now I have this problem. I received 1 year of free credit monitoring and also put a fraud alert on my report. I am grateful to be notified and for the free monitoring but, let's be realistic - we have to monitor our credit forever now. ID theft for us could occur at anytime. Our SSN's are now going to float around for God knows how long and we are the ones who have to pay for that. That's where I'm upset. Towers Perrin should have provided me with monitoring for life because that's how long it will be necessary!
Wanda Jones on Jan 23, 2007
I am curious to know if anyone is interested in joining a nationwide lawsuit against both companies.
K Smith on Jan 24, 2007
I too was affected by this breach. I did not receive my letter until yesterday, 1/24/07. As irritated as this has made me, this is the 3rd letter that I have received related to my data being breached by a company that should have better controls in place around the handling of customer data. The fact is, this is the world we live in, get used to it. Also, as far as putting a fraud alert on your report, good luck. I did it 5 years ago when my purse was stolen. I was able to purchase 2 cars and a home with nobody ever questioning the alert on my report. However, it did prevent me from getting any type of instant credit while shopping at a store.
J on Jan 25, 2007
Thanks for your information!
I received a letter in yesterday's (1.24.07) mail, which talks of the Towers Perrin 5 laptop thefts and how this security breach is affecting former and current American Express employees (me).
After further research on the net, I'm REALLY peeved that I can't find ANY articles online mentioning the American Express group. They speak of many other companies, but they don't mention American Express.
PLEASE help those of us who are former and/or current American Express employees and put something out here about how it's affected us also. I will also be writing a letter to American Express as to why they are keeping things 'quiet' about this huge security breach.
THANK YOU VERY MUCH!! :)
Who Cares? on Jan 25, 2007
I too fall into the current and former American Express employee category and I can vouch for the fact that many of my colleagues have gotten these letters as well. American Express would dare not put their name out there and let it be known that they deal with someone who has such half ass security measures as this, but that's the facts.
Of course this isn't the first time (and I doubt it will be the last time) that something like this happens to me. This is the second time in less than a year I've been exposed because of one company or another's shenanigans. I hope to God that I can eventually join a class action lawsuit and sue their asses off.
Absolutely furious! on Jan 25, 2007
I am definitely interested in a class action lawsuit! My letter says the theft happened December 1, 2006 and I got my letter on January 25!! A little online browsing (since the information in the letter is so pathetic) reveals that Towers Perrin has had ongoing security breach problems since 2005 and they are just now "investigating security procedures"?! Criminal negligence and no mistake!! If SSN's and compensation information are not encrypted in this day and age any company thoroughly deserves to have the pants sued off them!! I hardly consider a third party monitoring my every financial move as anything close to a solution! It's time to get serious about holding companies responsible for not taking every possible measure to protect confidential information. I say they should be sued for every asset they have and then maybe every other company will take notice and get their acts together. And I think every company who hired such a lax consulting firm should be held responsible too!
Anthony on Jan 26, 2007
This is the second time in about a year that American Express employee data has been on laptops that were stolen. I am all for a lawsuit against American Express. I am a former employee (not retired) and am very upset that this has happened again. I have not worked for American Express since Spring of 2001. How long does a company need to maintain a former employee's record on a laptop? I don't think that info should ever be on a laptop. American Express will continue to have poor security until it hits their wallet. Again if there is a lawsuit here everyone should jump on board.
x on Jan 27, 2007
American Express should stop OUTSOURCING their work! They should pull OUT of India as well. And furthermore, no sensitive information (account numbers or social security numbers) should EVER be on a laptop. PERIOD! This data should NEVER leave a secured work environment. And finally, they (American Express) had better NOT still be doing business with this company!
Rose Marie Jonescue on Jan 27, 2007
Towers Perrin stated that laptops had been stolen on 27Nov from a storage room. They reported the theft 7Dec and arrest made 28Dec. Why has it taken from that time until my letter receipt 25Jan to be informed? Letter head address not really from AXP Financial, just superimposed with MD: 01-06-13, comes in an envelope with Ft. Lauderdale P.O. Box and with a presorted postage paid from Cleveland. Retiree since Jan03 after over 20yrs of plenty of unpaid overtime and a very questionable freezing of my 401K Mutual Fund Investment account. There should be a class action suit against AXP and this illegal outsourcing on any and all personal records be that of any employee and most importantly their credit card holders, who should also be questioning the activities of AXP and the personal information that they have made available and accessible to anyone from any place in this now very sick evil world.
jean on Jan 28, 2007
we (me and my friend) want to join a class action lawsuit..i am a former employee of Philip Morris and she AMEX..we both got letters regarding this..AMEX is ruthless about tracking down people to pay their bills but just let their employees SS# out to every one. PM says they are big on security but it's obviously not true..and it is a joke that we are offered a free year of equiserve reports but in the fine print lets us know if we forget to cancel, we have to pay for it after that...ugh...laughable..let's do the class action thing.
RG on Jan 29, 2007
Notified over weekend by brief letter from my employer of the 'missing laptops' from secured area. No other info just Equifax credit watch offer and a "you will be contacted". Why is my company doing business with these incompetents?
Joe on Jan 29, 2007
I agree with Laurie....we should be provided with free monitoring for life, not just a year....
I'm also interested in participating in a class-action lawsuit against Towers Perrin.
AW at TW on Jan 30, 2007
I work for Time Warner and just got my letter on January 27th. I am absolutely infuriated that my personal info has been out there for two months with no word. Also, the person who answered the Towers Perrin hotline was rude, patronizing, and of no help whatsoever.
AMPF Employee on Jan 30, 2007
I haven't seen a posting about Ameriprise Financial yet, but we're affected too, probably because we used to be a part of AMEX. Even my letter didn't even say anything about my own company, just AMEX and Towers Perrin (talk about low!!). Hey, has any affected company made an official statement (an apology is almost too much to hope for) to their employees? And isn't there a lawyer out there who wants this case, there seem to be plenty of companies involved in this disaster. Thanks for the site Tom!
GSN on Jan 31, 2007
I may know a little something about TP.
Typical! The theft does not surprise me at all, the security, as with everything else at the company is done half assed. The executives are more worried about making sure the locks on the golf shirt and ball closet are working properly than the locks on doors containing confidential information. It's a broken down system with antiquated measures taken to protect employees and clients. It affects everyone and it is totally avoidable with a little business sense and practical measures in place to prevent it. I'm disgusted!
BH on Feb 2, 2007
I work for American Express. The sad part is that Perrin Towers collects millions of dollars each year from American Express. They were also paid $1 million to tell American Express to get rid of our cash pension plan. Now I have to save 5% more in my 401k if I want to retire with enough money at 65.
A benefit rep told me that Perrin had our data to tell them how much money they can save by cutting our pensions.
They should return some of their fees to pay for credit protection for life!
SMZ on Feb 2, 2007
I worked for Prudential. When I asked for a calculation of my retirement benefits, I would have liked to know that no one at Prudential could add. Had I known all my personal and financial information was being sent to an outsource company, I might have waited.
I am furious with both companies. How dare they take this in their stride deciding to wait 6 weeks to notify me of the theft of my information. And how very stupid and incompetent that they would leave this information on a laptop computer. Once the information is sent out, delete it. Towers Perrin and Prudential should be held accountable. At the very least, both should be heavily fined.
Jay on Feb 3, 2007
I am a Citicorp retiree who has received the Towers Perrin mea culpa. While I had a profitable and enjoyable association with Citicorp, there has been no communication from them, much less a letter of apology. By not addressing the situation, they are distancing themselves from TP. Citi dropped the ball on this one.
db on Feb 3, 2007
I have received the ominous letter just today from Towers Perrin. I am infuriated at the inept security measures, the disregard for those involved by delaying notification, and for the paltry offer of one year of credit monitoring. In truth, this will be a lifelong nightmare for those who were affected...what about any information within that may be linked to beneficiaries, etc? Towers Perrin, and the employers who entrusted them with our personal information (without our permission or knowledge as far as I know) should be held accountable for credit monitoring and any expenses associated in the event of identity theft for as long as the risk presents itself...which seems to me is for the rest of our lives.
I know how they work on Feb 3, 2007
This is not about a data theft. It is about the banks getting financial information and American Express getting personal access to your personal information. The economy has TANKED. It will be a while before it makes it to the media. Dubya's intent was not to get rich. He can do that without batting an eye. The other European countries; Belgium, France, Germany, Austria, Great Britain, Spain, and others are in position for the fraudulent bank failures which will be blamed on Al-Qaida, and our country will take its long fought-for position at the bottom.
YP on Feb 3, 2007
I am so upset right now. I just received the letter today from Towers Perrin. This is ridiculous. I am going through so many stressful things in my life right now and this is another thing I have to worry about.
Disgusted on Feb 6, 2007
Ridiculous - when we got the letter to supply SSN etc to Experian we assumed it was a phishing expedition until we found this blog. Thank you everyone who has contributed thus far. Not a word has come through our corporate internal e-mail to warn us the letter was coming - how easy that could have been. Meanwhile all of my salary increase for 2006-2007-2008 is being swallowed up by increased compulsory Pension Contributions devised by - Towers Perrin!
UPSET AND TICKED OFF on Feb 9, 2007
MY HUSBAND RECEIVED ONE OF THE FORM LETTERS, AND I WAS JUST DUMBFOUNDED. HE IS RETIRED FROM CITIGROUP, AND WE WANT TO KNOW WHY CITIGROUP HAS NOT CONTACTED US AT ALL ABOUT THE SITUATION? —AND ARE THEY STILL DOING BUSINESS WITH TOWERS PERRIN?
I THOUGHT THE LETTER WAS JUST SOME FAKE COMPANY TRYING TO GET PERSONAL INFORMATION, NOW I FIND THAT IT IS TRUE!
TOWERS PERRIN OFFERS 2 YEARS OF FREE CREDIT MONITORING AND ENCLOSED A FORM TO FILL OUT FOR EQUIFAX—AND THE FIRST SET OF BLANKS TO FILL IN ARE FOR MY HUSBAND'S SOCIAL SECURITY NUMBER!! —THAT IS GUARANTEED TO REALLY STIR CONFIDENCE!!
ISN'T THAT A RATHER OBVIOUS ATTEMPT TO GET PEOPLE NOT TO TAKE THEM UP ON THEIR OFFER? (FIRST, LET'S MAKE THEM THOROUGHLY PARANOID ABOUT THEIR SOCIAL SECURITY NUMBER BEING IN UNSAFE HANDS, AND THEN IMMEDIATELY ASK THEM TO SEND IT OUT AGAIN!!)
I THINK TOWERS PERRIN SHOULD BE HELD RESPONSIBLE FINANCIALLY—WHERE IT HURTS!!—AND I THINK THE COMPANIES WHO DEAL WITH TOWERS PERRIN SHOULD LOOK LONG AND HARD AT CONTINUING TO DEAL WITH THEM.
THE LETTER STATED THE STEPS TP IS TAKING TO PREVENT THE PROBLEM FROM RECURRENCE—I DON'T GIVE A DAMN. THAT'S CLOSING THE BARN DOOR AFTER THE HORSE IS GONE! WHAT WILL THEY DO FOR US IF OUR PERSONAL INFORMATION GETS USED TO DAMAGE US FINANCIALLY? —NOT A DAMN THING! —"WE'RE SORRY" WILL NOT HELP WITH THE WORRY, AND WILL NOT HELP WITH THE HEADACHES AND FINANCIAL PROBLEMS WE WILL HAVE IF IT HAPPENS.
I AM SO FRUSTRATED AND ANGRY.
Robert on Feb 10, 2007
Just pissed beyond words. I just got this freakin letter today 2-10-2007. Here I am trying to celebrate my birthday and I get this crap. I'm currently rebuilding my credit and now this happens. At this rate I'll never get the home I'm workin my ass off for. My past mistakes are mine to deal with, but hell these idiots are gonna screw up all the progress I've made to secure my family's future. This is why you see reports of people gone nuts on CNN destroying an office; it's not in my nature to do that but I can certainly see why it might happen. Class action law suit.....Oh Hell yes let's do the damn thing, They deserve it 100% careless jack asses.
Ojars Lasmanis on Feb 13, 2007
I worked for AMEX over 20 years. When I was close to early retirement they fired me and other employees in the same age group. Over the years I witnessed a compassionate company become one that does not care about its employees or customers.
The Towers Perrin fiasco is the second breach of personal data that has occurred at AMEX over the past year. I agree that AMEX or Towers should pay for all expenses for life to assure that our credit is protected. The one year free fraud protection plan reflects a cheap ass solution without any thought on the long-term impact to us.
We need to group together to place pressure on AMEX through media, courts, legislation or whatever it takes. Considering the track record I believe AMEX will make mistakes in the future and we will end up as the victims.
Dolores DeGroat on Feb 13, 2007
I did not receive my letter until last night. I spent all morning calling everyone to advise of this problem. I never received a letter from my company - only TP with my company name over them. Since I am retired I wonder what TP is doing looking at my information. I think they should all be sued just on the basis of being careless with my info. I am very careful not to give out any information and they just blew everything for me. Those people should be fired.
Giulio Valle on Feb 13, 2007
I cannot say anything more than what has already been said by the previous posts.
BUT
My Question, Where are the lawyers that are so hungry to find anything possible to sue for? Surely someone must know a lawyer to pass this opportunity on to.
I, like the rest of you am disgusted beyond words.
This is the year 2007, and surely by now it should be mandatory that every company that maintains personal private information follow a specific protocol for our protection.
Why are laptops with this critical information that can potentially ruin lives being allowed to be on the streets?
And the biggest reason to sue them, is that they were not even encrypted. Utterly Stupid.
In this day and age this is totally irresponsible.
Life is hard enough without having to deal with irresponsible careless organizations that have nothing to lose because it is not their life on the line.
Let's all unite and rally against them, we must hold these organizations accountable or things will continue to get worse.
SUE! SUE! SUE!
the93rdkid on Feb 13, 2007
Only my wife works for Staten Island Hospital, but not only did she receive the letter about the theft of data, but so did I...and our adolescent children! We got the offer for the two years of monitoring, but I don't understand what Towers Perrin was doing with my data and that of my kids. And is it worth registering (no credit card reqd) with the Equifax monitoring service?
---
If they are offering it for FREE and you do NOT have to give your credit card then I reluctantly recommend taking it, without knowing more about the situation. But don't sign away liability in exchange! And remember--it is NOT foolproof. Credit monitoring does not work perfectly and often it won't report when something has happened to your credit. And it only watches your credit, not other kinds of ID theft.
If you are concerned about it then why not consider using the free myTruston credit inspecting service. You don't have to send us any sensitive data and we'll show you how to monitor your credit for free. Visit http://go.mytruston.com.
--Tom
CEO, Truston
johnben2 on Feb 14, 2007
Happy Valentine's Day! As a retiree of JP Morgan Chase, I today received my letter of condolence from T-P and their "generous" offer for free credit monitoring for one year. As a previous victim of identity theft, I can assure everyone that, while fraud cannot be absolutely prevented, the ONLY way to avoid a loss is to personally review your credit reports from all three credit reporting agencies on a regular basis AND carefully review your credit card statements BEFORE you pay them.
I am distressed that JP Morgan Chase is apparently still doing business with this company, but, somehow, the low bidder always seems to hang on.
Nancy on Feb 22, 2007
Why are attorneys general or other government people NOT prosecuting under the notification provisions of the various state laws? The notification periods vary from 30 to 45 days. It doesn't seem that notification occurred timely enough here or in other cases.
DVerde12 on Mar 5, 2007
Just got my letter today. It is March 5, 2007. Sounds like I received notification well beyond a reasonable time period. I would like to see a class action suit against Towers Perrin.
JM on Mar 8, 2007
I got the same type of letter, although I've never worked at any of the above mentioned companies, what gives? I am certainly interested in joining a class action suit should anyone know of anything that has begun. I too thought this was a scam until I found this blog, so thank you to all that have posted.
Doctor Robert on Mar 9, 2007
I work for one of the companies involved in the breach. I have had my SSN used for filing both state and federal taxes. The perp had refunds made payable to me but at another address. Checking and savings accounts were opened under my SSN at Wachovia with the intent to have the funds deposited and withdrawn. Thankfully Wachovia was sharp enough to investigate and the accounts were closed and the funds escheated to my state of residence.
Please be aware that Wachovia had told me other refund checks came in for deposit as well, but were refused due to the name on the check not matching the account. BEWARE. Check your filings and if you have not filed yet do so.
Anonymously Former AmEx - Re Towers-Perrin Incident on Jul 23, 2008
The reason behind AmEx not appearing is threefold: 1) The Company stops at NOTHING to protect the Brand. This includes the internal messages received warning employees to funnel all external requests regarding the incident directly to Public Relations. 2) It would be an admission of negligence on the part of the Company for mishandling the data during the Data Transport. Merely, it was sent externally without encryption.
3) Anyone notice immediately following the policy change regarding the "new" Arbitration Policy only grandfathering those prior to 2003-ish? It limited the number of employees who could sue.
How CAN this company protect the shareholders and customer data if they are diminishing the confidence of the one thing that made this Company great (back in the day)? Simply put - it cannot. It has too many third parties that run the core functions and no firm grasp on all of the data that flows in and out.