Columbian Mutual Life Insurance Company reports lost flash drive

I really miss the days when NYS posted all the breach notifications it received online, but they still occasionally post breach alerts. This week, the NYS Department of Financial Services posted an alert concerning Columbian Mutual Life Insurance Company. In looking into it, I discovered that had reported the breach on April 21st:

Columbian Mutual Life Insurance Company is warning customers that it has yet to locate a flash drive loaded with personal information – including Social Security numbers, names, and addresses.

The company – Columbian Financial Group and Columbian Mutual Life Insurance – is investigating the missing item.

The company says it does not have a reason to believe the package containing the flash drive was stolen.

It believes the package was damaged in transit while it was being mailed and the flash drive was lost.


The following is NYS’s alert on the incident:

Columbian Mutual Life Insurance Company reported the loss of a flash drive containing personal information of certain present and former agents, customers and beneficiaries.  Columbian has advised that it has sent letters to individuals whose information was lost.  The New York State Department of Financial Services is reviewing the incident, and encourages those who have received notice from Columbian to take steps to protect themselves.


In March, Columbian discovered the loss in transit of a flash drive containing personal information of certain present and former agents, customers and beneficiaries, which could include names, bank account information, street addresses, and social security numbers.  Columbian has stated that it is investigating the circumstances surrounding the incident and is taking steps to prevent similar incidents in the future.  While at this time Columbian is unaware of the misuse of any customer information as a result of this incident, Columbian will be offering free credit monitoring and identity protection services to those affected.

If You Received a Breach Notice, Consider Taking the Following Actions to Protect Yourself 

Make sure to closely monitor your credit card, monthly bills, and bank statements regularly for transactions you did not make, and check your credit report and credit score.  If you see any signs of fraud, report this immediately to the affected organization, both by phone and certified mail.  You may ask your bank or credit card company to put a security block on your account or preemptively request a new credit or debit card.  You may also want to consider closing affected bank accounts and opening new ones.

Consider having the three major credit reporting agencies (Equifax, TransUnion, and Experian) place a fraud alert in your file.  A fraud alert generally lasts for 90 days, although it can be extended.  To place a fraud alert on credit reports, customers should contact one of the three major credit reporting agencies at, or through, one of the following numbers or websites:

Equifax Fraud Assistance Department: (800) 525-6285 or
TransUnion Fraud Victim Assistance: (800) 680-7289 or
Experian: (888) EXPERIAN (397-3742) or

Furthermore, if you are a victim of identity theft or think that you may be a victim, consider placing a “security freeze” (also called “credit freeze”) on your credit report with the three major credit reporting agencies (Equifax, TransUnion, and Experian).  It generally stops prospective creditors from accessing your credit files to review your credit history, thus preventing any new credit from being opened for you, unless you authorize the agencies to allow access. Restricting access to your credit report will make it more difficult for identify thieves to open new accounts in your name.  The procedures for obtaining a security freeze are slightly different for each of the three credit reporting agencies, and for the security freeze to work it is necessary to obtain the freeze with each of the three agencies. Be sure also to protect the information of your family, including children and elderly parents.  For more information about a security freeze, visit the Federal Trade Commission’s Consumer Information Credit Freeze FAQs.

Victims of identity theft should also contact the Federal Trade Commission to file a complaint and create an Identity Theft Affidavit.

If you suspect that someone is using your Social Security number, you can call the Social Security Administration’s fraud hotline at (800) 269-0271 or go to  You can also check your earnings record by calling (800) 772-1213.

Watch Out for Pretexting Calls and “Phishing” Scams

Impacted customers and beneficiaries should not provide information to anybody who calls them claiming to be from Columbian.  Furthermore, breach victims should not provide any information in response to an email (or a link within), as these could be scam emails targeting affected Columbian customers.  These email “phishing” scams, designed to capture personal information like user names, passwords and credit card information and containing links designed to get recipients to click on them, may appear to come from Columbian. Do not click on any links (including links to free credit monitoring) sent to you in an email, or via social media, as any personal information you send through these links will be transmitted to scammers taking advantage of the incident.

More Information

For more information, contact Columbian at 877-238-2151, the toll-free number set up to assist customers, Monday through Friday 9:00 AM to 7 PM Eastern Standard Time.  You can also contact the New York State Department of Financial Services helpline at (800) 342-3736 (Monday through Friday, 8:30 AM to 4:30 PM Eastern Standard Time). Local calls can be made to (212) 480-6400.

About the author: Dissent

4 comments to “Columbian Mutual Life Insurance Company reports lost flash drive”

You can leave a reply or Trackback this post.
  1. Peter - May 24, 2015

    When emailing data like this, this should be mandatory encrypted by law, with harsh penalties like losing licenses or having to submit X future years expensive compliance reports. Else they’ll never learn. Bitlocker encryption support is $99 for a lifetime license, so cost cannot be an excuse.

    • Dissent - May 25, 2015

      Where does email come into this breach? This was a lost flash drive….?

      • Peter - May 26, 2015

        It says in the article… ⁉ Look for ‘Package in transit’. Might be a private carrier, but mailing unencrypted flash drives with data like this should we highly illegal.

        • Dissent - May 26, 2015

          Mail, yes. Your original comment said “emailing,” not “mailing,” which is why I asked.

Comments are closed.