HP Employees Suffer Data Exposure
Fidelity Investments lost a laptop that had sensitive employee information for 196,000 current and former HP employees. The employes were told this week that they are at risk for identity theft and that they should take steps to protect themselves.
Here’s part of the email that went out to HP employees:
“This is to let you know that Fidelity Investments, record-keeper for the HP retirement plans, recently had a laptop computer stolen that contained personal information about you, including your name, address, social security number and compensation.”
A web site has been set up that “includes some immediate steps that you can take to protect yourself, as well as information about how to enroll for a 12-month period of credit monitoring at no cost to you and a Fidelity call center number in case you have additional questions.”
This is just the latest in string of laptop losses that have affected employees at Sun, Cisco and IBM. It’s unclear if the laptops are being targeted because of the information they contain, or if it’s just random theft. My guess would be random theft.
When I worked in the corporate world, laptops disappeared on a regular basis. Thieves are able to dress like the typical corporate type (tan slacks, blue dress shirt, just the right amount of hair mousse) and sneak into one of our offices. From there they’d look for an unattended laptop, pick it up, and carry it out the door as if they were rushing off to attend the next staff meeting.
Fidelity has good news for those affected. It appears the data was encrypted and the encryption key has expired on the machine – making the data more difficult to extract.
Here’s Fidelity’s take on the situation:
“At this time, we are unaware of any misuse of the information contained in the software on the laptop,” said Fidelity spokeswoman Anne Crowley. “The application was running on a temporary license from a third-party software vendor. The license has expired. Since the expiration of the license, the scrambled data would be difficult to interpret and generally unusable.
We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts as well as other measures to prevent unauthorized use. We have also employed additional security controls above and beyond our already significant monitoring activity to identify if there is any unusual activity in these accounts. Further, we have reviewed activity in the HP accounts and have found no indication of unusual or suspicious activity.”
The bottom line is that no matter how careful you are, someone else’s blunder can expose you to identity theft. The only way to avoid it is to withdraw from modern society. I’d personally rather have the 401k money.