Lincoln: technology issues exposed customer data since 2002
It was a series of technology issues, dating back to 2002, that Lincoln National Life Insurance and Lincoln Life & Annuity say resulted in the potential exposure of personal information of customers to other clients and their agents.
In a letter dated May 17 to the New Hampshire Attorney General’s Office, attorneys for Lincoln explain that when their system generates correspondence to a client, an e-copy is automatically stored in the client’s correspondence file so that the client and their agent can access it through a secure portal. Information in the client’s file may include name, address, policy or contract number, account values, trade and transaction activity, and date of birth. Social Security Numbers and health information are not included in the file.
In January 2010, an agent reported misfiled information from one client in another client’s file. In February, the firm got a second similar report involving another account. Within a week of the second notification, the company disabled all access to the correspondence portion of the portal while they investigated.
The investigation revealed that three technical errors — one in 2002, one in 2008, and the third in 2010 — were each “responsible for misfilings of certain correspondence from the time it occurred to the time the system was disabled in February 2010.”
Although the investigation revealed that correspondence folders containing misfiled correspondence had been accessed, they were unable to determine if the misfiled correspondence was ever accessed or opened. The firm reported that there is no indication of any misuse of misfiled correspondence, and they were notifying the 1,286 clients whose correspondence had been potentially exposed and offering to assist them adding password protection to their correspondence file.