http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002056 By Todd Weiss Computerworld July 27, 2006 Two laptops used by U.S. Navy recruiters in New Jersey have been missing since early June, potentially exposing personal data on about 31,000 recruiters and prospective recruits. In an unrelated incident, a laptop with personal information on 12,000 employees of Armstrong World Industries Inc. was recently stolen from a locked vehicle. In the Navy case, the two machines were stolen from Navy Recruiting Station offices in Trenton and Jersey City, according to the Navy. "These laptops and several programs on them were password protected on multiple levels and the likelihood of unauthorized access to the personal data is extremely low," the Navy said in a statement. "However, the Navy is reviewing the data contained in the computers, including personal information on approximately 31,000 individuals." About 4,000 Social Security numbers were included in the data on the laptops. The Navy is in the process of notifying potentially affected individuals by mail. The laptop in Trenton was reported stolen from the recruiting station in early June, while the one in Jersey City was reported missing earlier this month. "The Navy is taking a number of measures to better ensure personal information security," the statement said. "In the near term, the Navy sent a message to its commands to comprehensively review all procedures to better ensure personal information is safeguarded." Lt. Bashon Mann, a Navy spokesman, said today that there is no evidence that any of the data has been used illegally so far. The incidents are being investigated by local police and by the Navy Criminal Investigative Service, he said. As for the Armstrong incident, a laptop with personal information on about 12,000 current and former U.S. employees of the flooring and ceiling tile maker was stolen recently from a locked car owned by a third-party payroll auditor. In a letter sent last week to the 12,000 affected workers of the Lancaster, Pa.-based company, F. Nicholas Grasberger III, senior vice president and chief financial officer, said the laptop was stolen from a car owned by an employee of Deloitte & Touche LLP. That firm conducts regular internal audits of Armstrong's corporate policies and procedures. A police report was filed, but the stolen laptop has not been recovered, Grasberger said in the letter. He did not not specify where or when the theft occurred. "While access to the personal information was password protected, the files were not encrypted, which would have provided a higher level of security," he wrote. The personal information at risk includes names, home addresses, home phone numbers, employee identification numbers, Social Security numbers and annual salaries and hourly rates of pay, according to the company. Armstrong is "not aware of any unauthorized access to or misuse of this personal information" so far, Grasberger. Dorothy Brown Smith, a spokeswoman for Armstrong, said the company would have no further comment on the matter. Armstrong is providing free credit monitoring for up to two years for the affected employees and has provided a toll-free telephone number for employees to get more information about protecting their identities. "We sincerely apologize for this incident and its associated risk," Grasberger wrote in his letter. "Deloitte & Touche has assured Armstrong that it has established additional safeguards to better secure personal information." _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 27 2006 - 22:42:41 PDT