Aviva Admits Security Breach

On May 28, 2009, an insurance and financial services company, Aviva, formerly called Norwich Union, based in the UK reported that a major data breach had put around 550 individuals in danger. Aviva, according to its company site, serves over 925,000 customers in the US.

Randy Wadle, Chief Information Officer of Aviva, stated that the data hack affected customers who set up accounts in the United States or the account beneficiaries in that country, as reported by Computerworld on June 2, 2009.

Further, the insurance company reported that the data breach, which was a result of malware installed on an Aviva PC, took place between December 30, 2008 and February 24, 2009.

Aviva sent a compulsory correspondence to the Attorney General's Office in New Hampshire and admitted that the company had recently experienced an illegal disclosure of customers' private information, and the information likely to have been exposed consisted of names, addresses and Social Security numbers.

Meanwhile, to help its customers, Aviva announced that the affected people would get a notification letter as well as free service for ID theft protection for one year along with an insurance for ID theft for an amount of $25,000.

Aviva's letter elucidated that the hack took place when the company was doing an online search for the latest addresses of the beneficiaries or policyholders whose mail had come back undelivered.

This explanation as well as the truth that it was necessary to issue new login passwords to employees lead to the assumption that the computer with which the research was done was infected with an information stealing Trojan.

However, Aviva has isolated the hijacked computer as well as has taken action to protect its environment from the same kind of malware attacks in future, the company stated through its filing in New Hampshire. Wadle said that data hack was a problem across the whole industry and something that Aviva took very seriously. He stated that protecting client data was critical for the company.

Meanwhile, as precautionary measures, Aviva has reset its employees' login passwords to prevent any future security leak.

Related article: Apple Patches QuickTime 13 Month Old Flaw

» SPAMfighter News - 6/12/2009