[ISN] Toronto firm at centre of security breach

InfoSec News isn at c4i.org
Fri Jun 2 01:17:45 EDT 2006


Jun. 1, 2006

Toronto software provider Hummingbird Ltd. has found itself at the
centre of an embarrassing privacy accident involving the social
security numbers of 1.3 million American students.

Hummingbird disclosed yesterday evening that one of its employees lost
a piece of computer equipment that contained the names and social
security numbers of customers who borrowed funds from Round Rock,
Tex.-based Texas Guaranteed, a non-profit company that administers a
U.S. family education loan program.

"The privacy of customer data is of utmost importance to us and we
take our responsibility to safeguard it very seriously. We deeply
regret that this incident has occurred," Barry Litwin, Hummingbird’s
president and chief executive, said in a statement.

"We continue to investigate the facts surrounding this loss of
information and are taking all necessary action in order to ensure
that such occurrences do not happen in the future."

Hummingbird, which announced on May 26 that it is being acquired by
Palo Alto, Calif.-based holding company Symphony Technology Group for
$465 million (U.S.), said it has no reason to believe the equipment
was stolen to obtain confidential data.

The company said the equipment was password-protected and that it was
"extremely unlikely" the data would be misused. Hummingbird was given
the data as part of a contract to develop a custom document management
system for Texas Guaranteed.

According to information on Texas Guaranteed’s Web site, the equipment
was lost on May 24 but Hummingbird didn’t notify the company until
mid-afternoon on May 26, the day Hummingbird disclosed its deal with

The U.S. loan provider said that customers whose information was lost
will be notified over the coming weeks and given advice on how to
guard against identity theft.

"Even though this information is not easily accessed and used, and
even though the loss appears to be inadvertent, we are issuing this
release out of an abundance of caution, because the piece of equipment
has not been located," said Sue McMillin, president and CEO of Texas
Guaranteed, in a statement.

The use of social security numbers as a form of identification in the
United States has been a topic of considerable controversy in recent
weeks. In early May, computer disks containing the social security
numbers of 26.5 million U.S. veterans were stolen from the U.S.  
Department of Veteran Affairs, putting millions of Americans at risk
of identity fraud.

More information about the ISN mailing list