http://www.informationweek.com/management/showArticle.jhtml?articleID=201203456

By Sharon Gaudin
InformationWeek
August 7, 2007

A contract worker for VeriSign no longer works for the security company after her laptop, which held employee information, was stolen from her car.

The woman, who worked in VeriSign's human resources department, failed to comply with company policies that mandate that data be encrypted and that employee information not be downloaded on laptop computers, according to Caroline Japic, a spokeswoman for VeriSign, in an interview.

Japic added that the employee's contract was not renewed. She said she had no information on whether the contract was terminated prematurely or if it just happened to expire soon after the theft was reported.

VeriSign, which is based in Mountain View, Calif., offers security services, including digital certificates and managed firewalls. The company also runs a range of network infrastructures, including two of the Internet's 13 root servers.

The employee, who was not identified, reported to VeriSign and to local police in Sunnyvale, Calif. that she had left her laptop in her car and had parked her car in her garage on Thursday, July 12. When she went out the next morning, she found that her car had been broken into and the laptop had been stolen. Japic said the worker contacted police and then reported the theft to her employer who also contacted police and began their own internal investigation.

The laptop, according to the spokesman, did not contain information on any of the company's customers but did hold information on current and former employees. Their names, Social Security numbers, dates of birth and salaries were contained, and unencrypted, on the laptop.

While Japic said she did not know how many people were affected by the security breach, she did say that all of VeriSign's employees were notified of the breach. Everyone affected has been offered a year of free credit monitoring.

"The Company has a policy on how to manage laptops that contain sensitive information and company data, which in this case was not followed," the company said in a written statement. "That policy includes not leaving laptops in vehicles in plain view, keeping the amount of confidential and sensitive data stored on laptops to a minimum, and using data encryption tools to protect those sets of data that absolutely must be stored on a laptop. Going forward, we will continue to review our security procedures to prevent future human errors of this type."

Japic said the investigation into the stolen laptop is ongoing.

Last December, Boeing fired an employee whose stolen laptop contained identifying information on 382,000 current and former employees. The employee, who hasn't been identified, was fired because he violated company policy by downloading the information onto the laptop and not encrypting it. This was the third laptop theft in two years that resulted in lost employee data at Boeing.