http://seattlepi.nwsource.com/business/295982_boeinglaptop14ww.html By JAMES WALLACE P-I REPORTER December 14, 2006 The Boeing Co. said Thursday it has fired the employee whose laptop was stolen with personal information about nearly 400,000 retired and current company workers. Files on the stolen computer contained salary information, Social Security numbers, home addresses, phone numbers and birth dates. A person with knowledge of the matter said the employee data was not encrypted as company policy requires once it has been downloaded from a server. Jim McNerney, Boeing's chairman, president and chief executive, said the breach of company policy was so serious that some Boeing managers also will be disciplined. "This latest incident resulted from a clear violation of our data-protection policy," McNerney said in an e-mail to all Boeing employees. "We have very strict and clear policies and procedures about how employee information is handled," he wrote. "An employee, despite proper training, failed to comply with those requirements and as a result is being dismissed from the company." McNerney said action will be taken against some Boeing managers. "I also believe strongly that management must be held accountable when repeated failures like this occur, so the employee's management chain will be reprimanded." Boeing has not identified the employee or where in the company the person works. Nor has Boeing said where the laptop theft occurred. The laptop was stolen earlier this month from the employee's car. Even though the employee data was not encrypted, the laptop was turned off. That means the person who stole the computer would not be able to access the employee data without a password to open the computer once it was turned on. Boeing is notifying the estimated 382,000 workers, mostly retirees, whose names were in the laptop. The company said it will pay for fraud monitoring services for the past and current workers whose names and personal information was in the laptop. This is not the first time a Boeing laptop computer with sensitive employee information has been lost or stolen. There have been at least three such cases. When a similar theft occurred last year, McNerney said, Boeing implemented an "aggressive, multi-phased plan to better safeguard employee information." "But the best policies, procedures, encryption software and awareness-raising in the world can't force people to use them," he said. "It's a matter of leadership and individual responsibility. Cutting corners is never acceptable --especially when the trust of the whole team is at stake." McNerney said investigators do not believe the latest incident was aimed at identity theft. "Our investigations and security teams have been working hard with law-enforcement officials to investigate this crime," he said. "Based on what we know at this point, we believe this incident was the result of petty theft, not an attempt at identity theft. However, as our communications yesterday described, we have put in place a series of actions that assumes the worst case. We are doing everything humanly possible to recover the laptop and our data, and see that an incident like this doesn't happen again." McNerney said he had received many e-mails from Boeing employees about the computer theft. They expressed "disappointment, frustration and downright anger" about the incident. "I am just as disappointed as you are about it," McNerney said in his memo. He said Boeing is taking the right steps to prevent the loss of sensitive data from happening again. "But to ensure that all Boeing-sensitive information is safe -- even in the event of theft -- each and every one of us must actually follow the policies and procedures and use the tools available to protect information," he said. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Dec 14 2006 - 23:00:39 PST