With federal legislators mulling over options for fighting identify theft and fraud, TransUnion LLC, one of three companies that maintain consumer credit histories, provided the latest scare Wednesday, revealing that a password-protected PC containing personal credit information on more than 3,600 consumers was stolen from a regional sales office in California last month.
TransUnion's disclosure follows a string of compromised data incidents that have hit companies such as Bank of America, CardSystems Solutions Inc., ChoicePoint Inc., Citigroup, and HSBC North America, as well as numerous universities.
Upon learning of the theft, TransUnion promptly sent notices to 3,623 consumers last month alerting them to the breach and offering complimentary monitoring of credit reports for a year. The Chicago-based company also notified local law enforcement, and launched an internal investigation into the incident. The focus of that internal investigation is to find out why the information was stored on a far-flung PC rather than on TransUnion's secure network, says a company spokesman.
The spokesman says TransUnion also will take a close look at its internal security and data-handling processes. Initial indications are that the burglary was centered on the computer itself, not the data within it. While a portion of the information was encrypted, "some data may have been stored in a back-up file on an unencrypted portion of the computer's hard drive," the spokesman said in an E-mail.
The TransUnion breach comes less than a week after Microsoft chief counsel Brad Smith told the Congressional Internet Caucus that the software giant supports comprehensive legislation to tackle data privacy issues at the federal level. Smith suggested a four-part piece of legislation that would mandate baseline standards, more transparent data collection practices, individual control over use and disclosure of personal information, and minimal security requirements around storage of sensitive consumer data.
TransUnion and its two rivals in the consumer credit-history market, Equifax and Experian, said in September that they would work together on development of an encryption standard they would all use to protect consumer data as it's moved between information providers and within the companies themselves. Last month, TransUnion made its fraud and identity management products available for mortgage lenders to integrate into their loan origination and underwriting systems.