Released on: September 25, 2008, 5:34 am

Press Release Author: Claudiu Popa, CISSP, PMP, CISA

Industry: Computers

Press Release Summary: Toronto-based Informatica Security President Claudiu Popa is
a recognized Canadian security professional who advises executives and organizations
about the security of their business strategies. The recent laptop theft from the
National Bank head office in Quebec illustrates a number of failures that other
firms need to learn from.

Press Release Body: Toronto, September 25, 2008 -- A laptop containing personal
information on the majority of National Bank’s mortgage clients has been stolen from
their offices, demonstrating that Canadian banks are as fallible as any other
organization while presenting the added risk of losing large amounts of financial
and personally identifiable information. The privacy of customer information is
protected by Canadian law, unfortunately numerous companies still fail to adopt
secure practices.

Claudiu Popa is a recognized security expert and Informatica’s president, a trusted
corporate advisor on matters of compliance, privacy and security: “as a leader in
security awareness and consulting, we welcome high profile cases like this for the
sole reason that we have for a mandate to educate executives as well as the Canadian
public. This is an excellent time for this organization and others to adopt better
security practices.”

The following six failures contributed to the security breach that threaten to
victimize the firm’s mortgage clients:

1.The laptop was stolen from an insecure office, indicating a lack of physical
office security.

2.If the company’s policies included anti-theft devices for mobile computers, they
were not being enforced.

3.The laptop contained a large database of personally identifiable and financial
data on numerous clients, which should never leave the office servers. Instead, such
data should be accessed over the network or remotely, one record at a time.

4.A password was reportedly used to ‘protect’ the computer. Without strong
encryption, such a basic measure is entirely inadequate for the protection of
corporate and private information.

5.The data within the database linked client names to their mortgage data,
unfortunately identifying their financial details in the process. Companies should
not aggregate such information but instead spread it across a number of databases to
protect against unauthorized disclosure.

6.The amount of information about the breach may be inadequate for potential
victims. Both the public and the firm’s customers need to understand, by example
that by correlating this information with other data, practically any type of fraud
could be committed.

Mr. Popa added: “The company’s insistence that the impact of the security breach
will be minimal and that the information was basic is unfortunate, but given that
Canadian law does not currently require the disclosure of such breaches, clients
should consider themselves lucky to have been notified and should remain vigilant
about their financial affairs for years to come”. Canada’s planned adoption of
breach notification standards has been delayed for years, but its future adoption is
considered by many as a significant benefit to Canadian customers.

About Informatica Security Corporation
Informatica Security and Privacy is a leading information risk management consulting
firm focused on providing unmatched expertise to enable client organizations to
control and mitigate information security risks, meet compliance challenges,
alleviate the effects of wrongsourcing and adopt proven standards and best practices
for exceptional governance. The firm’s FlexSecure™ risk assessments and professional
audits, FlexProtect™ security management, STORM™ (Scalable Techniques for
Operational Risk Management) and WorkLife™ Enterprise Risk Education solutions are
proven best-of-breed solutions that scale to meet the business and compliance
requirements of diverse industries.

For additional information, please contact Informatica at 416-431-9012 or visit
www.SecurityandPrivacy.com and www.InformationSecurityCanada.com.

Informatica Security and Privacy, Informatica Education, Informatica Research, the
Informatica logo, FlexSecure™, FlexProtect™ and WorkLife™, VirtualCSO™ and
VirtualCPO™ are trademarks or service marks of Informatica Corporation. All
Informatica white papers, proprietary research, Web site content, presentations,
communications, policies and Informatica-branded documentation are Copyright ©
Informatica Corporation and permission must be specifically granted for use by any
party. All other brands or product names are trademarks of their respective
companies, organizations or standards bodies.
Press Release Submission By PressReleasePoint(http://www.pressreleasepoint.com)

Web Site: http://www.InformationSecurityCanada.com

Contact Details: Claudiu Popa, CISSP, PMP, CISA
President & CSO,
Informatica Corporation
Toronto, Ontario, Canada
416-431-9012
Info@InformaticaSecurity.com
http://www.InformationSecurityCanada.com