Monday, September 17, 2012

Lincoln Financial's "Red Boat" breach notice: Is it real?

My wife and I received a disturbing letter from Lincoln Financial Services today. Well, at least it might be from Lincoln Financial Services (more on that later). The letter claims that a "Red Boat" computer server was accessed earlier this year without authorization, and the server contains images of documents that includes our personal information.

What sort of personal information? The letter doesn't say. I'm not even sure what sort of information they would have. We don't use Red Boat or Lincoln Financial directly for any financial or insurance services. We've never received mail from either company before. And it's not clear what the connection between the two companies is -- the letter merely states that Red Boat is "associated" with Lincoln, which could mean many different things.

The questions don't end there. The letter claims that Kroll Associations, not Lincoln, printed and sent this letter from a "secure printing facility", because Kroll is offering us free credit monitoring. Sounds great, right? All we need to do is go to a website or fill out a paper form to complete the authorization. The form asks for social security numbers and other personal information. Where do we send it to? Not to Kroll or Lincoln Financial, but a no-name site that has no obvious connection to either company. I won't link to it, as I'm not sure it's legit. The address for the print form is labelled "Administrator", and below it is an anonymous PO Box in Minnesota.

Then I notice the return address on the envelope is another PO Box for a "Secure Processing Center" in Georgia. The two contact telephone numbers for Kroll and Lincoln are 866 and 800 numbers, but when I try to call the one that's listed for Lincoln, no one answers the phone (it's 7:30 eastern). The real Lincoln website is no help either; the "Fraud Hotline" page doesn't even have a phone number to call. I looked online for news of the breach, but the only mention of it was on an obscure website that I'd never heard of.

So, is the letter real? It might be. Or it could be an elaborate scam. Or misleading marketing for questionable "ID monitoring" services. Even if it is real, I'm very disappointed that Lincoln and its "associate" had my information, and the communication with victims was handled so poorly.

Here's the first page of the letter:

lincoln red boat financial data breach

No comments:

Post a Comment

I will review and approve comments as soon as possible, but spam, personal attacks, and rude messages will be deleted.