Bad PR x 1.2 million customers!
Interesting reading:
networkworld.com/news/2010/011510-financial-firm-notifies-12m-after.html
Sounds like Lincoln National had a bunch of shared, static admin passwords and after 10 years (!!) someone was tipped off that
ex-employees still had access and may have compromised customer privacy.
Wow.
Can you imagine leaving admin passwords the same for that long, presumably spanning the departure of IT admin staff?
That’s just dumb, and the consequence these days is not “oops, lucky nothing bad happened” but rather “oops, we have to notify 1.2 million customers that we did something stupid.” Great PR.
The solution, of course, is simple. Change those passwords – often. Products such as Hitachi ID Privileged Password Manager (link below) make it even easier – they will change the password for you, automatically.
Hopefully this is a lesson for someone.. 
– Idan