Insurance provider American International Group (AIG) said Wednesday that the personal and medical information of nearly 1 million potential customers was placed at risk for identity theft after a burglar stole a file server in March.
None of the information has been misused, AIG spokesman Chris Winans said today. The equipment contained password-protected data – including names and Social Security numbers – that 690 insurance brokers had sent to AIG. The brokers were requesting quotes on behalf of about 970,000 clients, who worked in companies around the country.
The information, however, should have never been on the file server, Winans said.
"Incidents like this always point to ways to improve things," Winans said. "One of the things we would say is that brokers were bringing us information that we didn’t need to provide a quote. We don’t need names and Social Security numbers. We just needed statistical information about claims (history within the company)."
AIG is expected to send notification letters next week, and the company plans to open a call center to answer questions from concerned customers, Winans said. Should anyone’s information be compromised, the company has agreed to cover the cost of credit restoration.
Company officials do not believe the burglar was aware of the data he was stealing, Winans said. The company chose not to immediately announce the theft so the culprit would not realize what he had taken.
"We chose not to issue a news release because we didn’t want to compromise the investigation where (authorities) were trying to track down the perpetrator and we didn’t run the risk of advertising to the thief that they had more than just a good piece of computer hardware," Winans said.
The burglary occurred March 31 after normal working hours in one of AIG’s Midwest offices, Winans said.