Minneapolis-based Ameriprise Financial Services has agreed to pay $25,000 to the commonwealth of Massachusetts in connection with the loss of a laptop containing personal and financial data about thousands of Massachusetts residents.
The laptop was stolen in December 2005 from an Ameriprise employee who had left it unsecured and unattended in a locked vehicle in a parking lot. The exact location of the theft is unclear, although the laptop has since been recovered.
The computer contained information on about 158,000 customers, including their names, account numbers or Social Security numbers and account values. It also held identifiable personal information about 68,000 current and former Ameriprise advisors.
The employee used the information, which was not encrypted, to create business reports. According to Galvin, the employee violated Ameriprise policies and procedures by leaving the company's premises with the laptop and by not encrypting the sensitive information. In addition, saving the information to the laptop's hard drive was a violation of Ameriprise's policies and procedures at the time, according to a memorandum of understanding between the state and the company.
After the laptop was recovered, a forensic analysis firm determined that none of the sensitive data had been accessed.
Ameriprise officials could not be reached for comment.
"The amount of personal data that was on this employee's laptop computer is shocking," Galvin said in a statement. "Most of this information should not have been there. Registered broker dealers who give employees access to sensitive personal information and then allow them to carry this information on laptop computers must be held responsible and must implement all reasonable steps to prevent this form of investor abuse."