On January 25, when an ING customer discovered that she could access client information on the ingfunds.com web site, she notified her stockbroker. In investigating the situation, ING discovered that since August 2008, a file containing the names, addresses, Social Security numbers, and account numbers of 106 ING shareholders had been available on the web through a search engine.
It appears that when an error was made in August 2008, the firm detected the error and removed a link to the file from its site but did not realize that the file remained available via search engine query.
By letter dated February 3, ING Funds notified the New Hampshire Attorney General’s Office of the breach.
Affected clients were advised to review their account statements for 2008-2010 and offered free services. The company notes that its own review of the affected accounts revealed no suspicious activity.