In an announcement Wednesday, Minneapolis-based Ameriprise, which was spun off last year by the American Express Co., said the data breach occurred when the laptop was stolen from an employee's locked car in a public parking lot. The name of the city where the theft occurred is not being released because the case remains under investigation by police, Connolly said.
'Basically, it was someone smashing windows and stealing items from a car,' he said. 'They took additional items, including a briefcase, which contained the laptop.' The car was not parked in an Ameriprise company parking lot, so the thief did not target the vehicle looking for data from the company, he said.
'It was a random criminal act,' Connolly said.
The laptop used password protection for Novell Inc. networking applications and Microsoft Corp.'s Windows software but the data files containing the customer and advisor data were not encrypted, as required by company policies, Connolly said.
One of the data files only included the names and internal Ameriprise account numbers of 158,000 customers, while the second file included the names and Social Security numbers of 58,000 Ameriprise advisors. No other personal information was contained in the files, the company said. Ameriprise has approximately 2.4 million customers.