[ISN] Boeing fires employee whose laptop was stolen

From: InfoSec News (alerts@private)
Date: Thu Dec 14 2006 - 22:42:37 PST


http://seattlepi.nwsource.com/business/295982_boeinglaptop14ww.html

By JAMES WALLACE
P-I REPORTER
December 14, 2006

The Boeing Co. said Thursday it has fired the employee whose laptop was 
stolen with personal information about nearly 400,000 retired and 
current company workers.

Files on the stolen computer contained salary information, Social 
Security numbers, home addresses, phone numbers and birth dates.

A person with knowledge of the matter said the employee data was not 
encrypted as company policy requires once it has been downloaded from a 
server.

Jim McNerney, Boeing's chairman, president and chief executive, said the 
breach of company policy was so serious that some Boeing managers also 
will be disciplined.

"This latest incident resulted from a clear violation of our 
data-protection policy," McNerney said in an e-mail to all Boeing 
employees.

"We have very strict and clear policies and procedures about how 
employee information is handled," he wrote. "An employee, despite proper 
training, failed to comply with those requirements and as a result is 
being dismissed from the company."

McNerney said action will be taken against some Boeing managers.

"I also believe strongly that management must be held accountable when 
repeated failures like this occur, so the employee's management chain 
will be reprimanded."

Boeing has not identified the employee or where in the company the 
person works. Nor has Boeing said where the laptop theft occurred. The 
laptop was stolen earlier this month from the employee's car.

Even though the employee data was not encrypted, the laptop was turned 
off. That means the person who stole the computer would not be able to 
access the employee data without a password to open the computer once it 
was turned on.

Boeing is notifying the estimated 382,000 workers, mostly retirees, 
whose names were in the laptop. The company said it will pay for fraud 
monitoring services for the past and current workers whose names and 
personal information was in the laptop.

This is not the first time a Boeing laptop computer with sensitive 
employee information has been lost or stolen. There have been at least 
three such cases.

When a similar theft occurred last year, McNerney said, Boeing 
implemented an "aggressive, multi-phased plan to better safeguard 
employee information."

"But the best policies, procedures, encryption software and 
awareness-raising in the world can't force people to use them," he said. 
"It's a matter of leadership and individual responsibility. Cutting 
corners is never acceptable --especially when the trust of the whole 
team is at stake."

McNerney said investigators do not believe the latest incident was aimed 
at identity theft.

"Our investigations and security teams have been working hard with 
law-enforcement officials to investigate this crime," he said. "Based on 
what we know at this point, we believe this incident was the result of 
petty theft, not an attempt at identity theft. However, as our 
communications yesterday described, we have put in place a series of 
actions that assumes the worst case. We are doing everything humanly 
possible to recover the laptop and our data, and see that an incident 
like this doesn't happen again."

McNerney said he had received many e-mails from Boeing employees about 
the computer theft. They expressed "disappointment, frustration and 
downright anger" about the incident.

"I am just as disappointed as you are about it," McNerney said in his 
memo.

He said Boeing is taking the right steps to prevent the loss of 
sensitive data from happening again.

"But to ensure that all Boeing-sensitive information is safe -- even in 
the event of theft -- each and every one of us must actually follow the 
policies and procedures and use the tools available to protect 
information," he said.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Thu Dec 14 2006 - 23:00:39 PST