http://www.suntimes.com/business/170185,CST-FIN-boeing13.article BY FRANCINE KNOWLES Business Reporter December 13, 2006 In a disturbing case of deja vu, 382,000 Boeing Co. retirees and active workers are at risk of identity theft and credit-card fraud because of the theft of a company laptop computer. The files on the computer contained their names, Social Security numbers and, in most cases, also home addresses, phone numbers and birth dates as well as salary information on some. The theft, which Boeing confirmed Tuesday, is the third such incident in the past 13 months in which a laptop computer containing personnel information was stolen, and it took place despite safeguards the company put in place. This time around, the huge number of people affected includes mostly retirees. As was the case in the other situations, information on the laptop wasn't encrypted. The latest theft took place in the first week of December, but Boeing has yet to notify affected retirees and employees. They will be notified shortly either online or by mail, Boeing spokesman Tim Neale said. The company is in the midst of putting the necessary infrastructure in place to handle questions that are anticipated, he said, including posting information on a Web site. The theft took place after an employee left the laptop unattended, and returned to find it gone, Neale said. He would not say where the theft happened, but noted no proprietary, customer or supplier data was on the computer. In November 2005, a Boeing laptop containing information on roughly 160,000 current and former Boeing employees was stolen. In that incident, bank account information was also on the computer. Also, last April, a laptop containing information on 3,600 employees and retirees was stolen. The latest incident represented a violation of company policy, Neale said. In the wake of the earlier thefts, Boeing has required that staff who work with personnel data take it off the hard drives of their computers. Managers were responsible for making sure that happened, Neale said. Employees who need to work with personnel data are now required to work off of the firewall-protected server, and if there is a need to download such information to a laptop hard drive, the information is supposed to be encrypted, he said. "It's very disturbing to us when things like this happen, and there are certain steps you can take right away ... but we realize we need to go above and beyond those," Neale said. He noted the company has a goal of replacing Social Security numbers with other types of identifiers where possible to limit the number of data bases that have that information. Boeing also is working on putting software in place that automatically encrypts personnel data, he said. Employees affected by the latest theft will be notified and provided with information on how to sign up with Experian Co., a credit-monitoring service. Boeing will pay for three years of monitoring, Neale said. Regarding the earlier thefts, he said "we haven't had any indication that anybody has misused the information, but that said, we recognize that data has been lost, and it's important to do what we can to make sure people are protected." _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Dec 14 2006 - 00:57:58 PST