http://www.computerworld.com/securitytopics/security/story/0,10801,109003,00.html By Robert McMillan FEBRUARY 24, 2006 IDG NEWS SERVICE McAfee Inc.'s auditor, Deloitte & Touche USA LLP, may be thinking of buying some security software itself, after a Deloitte employee left an unencrypted CD containing sensitive information on thousands of McAfee employees in the back of an airline seat in December. The backup CD contained names, Social Security numbers and information on stock holdings held by over 9,000 of McAfee's current and former employees, company spokeswoman Siobhan MacDermott confirmed today. The information concerned McAfee's U.S. and Canadian employees hired prior to 2005, amounting to about 6,000 former employees and 3,290 current staffers, MacDermott said. The CD was left on the airplane on Dec. 15, she said. McAfee was informed of the incident on Jan. 11, nearly a month after the disk was lost. After a Deloitte investigation determined who had been affected, McAfee began notifying employees of the situation via postal mail. The last of these notification letters was sent out last week, MacDermott said. All of those who were affected by the data loss are being given two years' worth of free credit reports, provided by the Experian Information Solutions Inc. credit bureau, she said. "We have no reason to believe that there's been or that there will be any unauthorized access to the information," MacDermott said. McAfee is now in the process of changing its corporate policies to ensure that this type of data loss does not occur in the future, MacDermott said. "We're certainly reviewing how third parties work with our data," she said. "We're working to make sure that we don't have Social Security information on these types of files moving forward." Deloitte spokesman Jeffrey Zack confirmed that a "Deloitte and Touche employee left an unlabeled backup CD in an airline seat pocket, and the lost disk may contain certain personal information on current and former employees." He would not comment on why the CD was not encrypted. Designed to protect data while "in transit and storage," McAfee's own E-Business Client lets users encrypt files "with no technical training or experience," according to the company's Web site. _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Feb 26 2006 - 23:26:06 PST