By Tim Wilson
Jan 14, 2010
Lincoln National Corp. (LNC) last week disclosed a security
vulnerability in its portfolio information system that could have
compromised the account data of approximately 1.2 million customers.
In a disclosure letter (PDF) sent to the attorney general of New
Hampshire Jan. 4, attorneys for the financial services firm revealed
that a breach of the Lincoln portfolio information system had been
reported to the Financial Industry Regulatory Authority (FINRA) by an
unidentified source last August. The company was planning to issue
notification to the affected customers on Jan. 6, the letter says.
The letter does not give technical details about the breach, but it
indicates the unidentified source sent FINRA a username and password to
the portfolio management system.
"This username and password had been shared among certain employees of
[Lincoln Financial Services] and employees of affiliated companies," the
letter says. "The sharing of usernames and passwords is not permitted
under the LNC security policy."
FINRA declined to tell Lincoln whether the source of the username and
password was a current employee or some other party, according to the
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News