By Tim Wilson
DarkReading
Jan 14, 2010
Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers.
In a disclosure letter (PDF) sent to the attorney general of New Hampshire Jan. 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. The company was planning to issue notification to the affected customers on Jan. 6, the letter says.
The letter does not give technical details about the breach, but it indicates the unidentified source sent FINRA a username and password to the portfolio management system.
"This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies," the letter says. "The sharing of usernames and passwords is not permitted under the LNC security policy."
FINRA declined to tell Lincoln whether the source of the username and password was a current employee or some other party, according to the letter.