FAQ
- What specifically happened?
- Has the information been misused?
- Are all State Street clients and employees potentially at risk?
- What kind of assistance will you offer people who have been impacted by this?
- Is there anything State Street clients should do right now in light of this breach?
- How are you notifying affected parties?
1. What specifically happened?
Shortly after State Street announced its agreement to acquire IBT, IBT received a request for certain information from federal regulators. As is common practice, IBT engaged an established legal support service to review IBT’s electronic records in order to identify and compile the requested data. In order to provide this service, the vendor loaded IBT data onto computer equipment, which was subsequently stolen from its facility. We have been in contact with law enforcement, which is conducting a criminal investigation of the theft. In parallel we have reconstructed and largely completed the analysis of a copy of the data stored on the stolen equipment. There is no evidence to date to suggest that the data has been misused or to suggest that legacy State Street customers and employees are impacted.
2. Has the information been misused?
Our investigation is ongoing, but there is no evidence to date suggesting that the personal information on the equipment has been misused.
3. Are all State Street clients and employees potentially at risk?
There is no indication to suggest that the data on the stolen equipment impacts legacy State Street customers and employees. Our investigation thus far has shown that the data on the stolen equipment relates to a limited number of customers of IBT and former employees of IBT.
4. What kind of assistance will you offer people who have been impacted by this?
As a precaution, we are offering free credit monitoring, where applicable, through a credit monitoring company to the parties that our analysis indicates may be affected.
5. Is there anything State Street clients should do right now in light of this breach?
There is no indication that this data, which came from IBT systems, impacts legacy State Street customers and employees. As a precaution, State Street is sending notices to legacy IBT employees and those customers whose personal data was contained on the stolen equipment. We are providing free credit monitoring where applicable and other related assistance to these individuals. We also have established a special section on our website at www.statestreet.com/notifcation with information on this matter. Additional information is available at http://www.ftc.gov/bcp/edu/microsites/idtheft/. If a legacy IBT customer or employee does not receive a notification, their personal data has not been identified as being on the stolen computer equipment.
6. How are you notifying affected parties?
There are two main groups of people who may be affected: 1) legacy IBT employees and 2) certain legacy customers of IBT. We are sending them a precautionary notification; the majority of those are going out now and should be received shortly. We also have established a special section on our website at www.statestreet.com/notification with information on this matter.