HP Employees Suffer Data Exposure

Fidelity Investments lost a laptop that had sensitive employee information for 196,000 current and former HP employees. The employes were told this week that they are at risk for identity theft and that they should take steps to protect themselves.

Here’s part of the email that went out to HP employees:

“This is to let you know that Fidelity Investments, record-keeper for the HP retirement plans, recently had a laptop computer stolen that contained personal information about you, including your name, address, social security number and compensation.”

A web site has been set up that “includes some immediate steps that you can take to protect yourself, as well as information about how to enroll for a 12-month period of credit monitoring at no cost to you and a Fidelity call center number in case you have additional questions.”

This is just the latest in string of laptop losses that have affected employees at Sun, Cisco and IBM. It’s unclear if the laptops are being targeted because of the information they contain, or if it’s just random theft. My guess would be random theft.

When I worked in the corporate world, laptops disappeared on a regular basis. Thieves are able to dress like the typical corporate type (tan slacks, blue dress shirt, just the right amount of hair mousse) and sneak into one of our offices. From there they’d look for an unattended laptop, pick it up, and carry it out the door as if they were rushing off to attend the next staff meeting.

Anyway…

Fidelity has good news for those affected. It appears the data was encrypted and the encryption key has expired on the machine – making the data more difficult to extract.

Here’s Fidelity’s take on the situation:

“At this time, we are unaware of any misuse of the information contained in the software on the laptop,” said Fidelity spokeswoman Anne Crowley. “The application was running on a temporary license from a third-party software vendor. The license has expired. Since the expiration of the license, the scrambled data would be difficult to interpret and generally unusable.

We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts as well as other measures to prevent unauthorized use. We have also employed additional security controls above and beyond our already significant monitoring activity to identify if there is any unusual activity in these accounts. Further, we have reviewed activity in the HP accounts and have found no indication of unusual or suspicious activity.”

The bottom line is that no matter how careful you are, someone else’s blunder can expose you to identity theft. The only way to avoid it is to withdraw from modern society. I’d personally rather have the 401k money.

Author: Dave Nielsen

I started using computers in 1978 on the Apple II and was first online (using my “high-speed” 1200 baud modem) in 1989. I’ve managed web sites for several Fortune 500 companies and for internet start-ups. Working for one of those start-ups is what brought me into the world of credit. I was part of the the executive team that ran QSpace, the first company to offer credit reports over the internet.

Share This Post On

12 Comments

  1. Correction: This sentence was wrong: “My personal information was stolen/lost by IBM earlier this year, and I know others in the same boat and I’m excited about it.” it should have read: “My personal information was stolen/lost by IBM earlier this year, and I know others in the same boat and I’m excited about this new service and its ability to stop identity theft.”

  2. I’ve never heard of that service…especially for free. I guess my concern with it would be if theives later learn how to get themselves listed as the “true owner”. Either way…it sounds like something I’ll want to look into.

    For now, I have a service that not only monitors my credit, but offers credit repair to my pre-theft status should anything happen. I think that’s an awesome part of the service. Most plans offer credit monitoring but not credit repair.

    I was a victim of ID theft 10 years ago and, believe it or not, I’m STILL dealing with it! I learned a couple of months ago that the thief tried to do it again…this time she got a car! Luckily for me, the dealership she got the car from realized there was shady business going on and contacted me right away so I’m in the clear on that…but I don’t ever want to have to go thru that again!

    I was told by the dealership that most ID theives know when the statute of limitations runs out and try again! That’s exactly what happened to me. The statute of limitations here in California is now seven years. That’s a great step forward from two years! But, unfortunately for me, now that I know who did it, there’s nothing I can do about it.

    Daisy

  3. This service is not yet been announced… You bring up a great point about thieves trying to get themselves listed as the “true owner” of an identity… Actually, since this new service has zero buying power, zero credit power, and zero value thieves won’t gain anything by attempting to register themselves as you. In fact – it will likely be the fastest path to being caught… Think about it this way… If you came with a national system for thieves to go online and register all their stolen cards who would sign up? No one! If by some chance a thief was stupid enough to try to register as you, they could nothing with it. They can’t buy anything and they couldn’t use it to gain credit. You might ask, “but if they have stolen my identity in the registry how can I stop it? The answer is simple, just register yourself and your account will be flagged (because there can be only one you) and the thief will be caught and the real you will stand. All you need to do is just register yourself and that’s it. No privacy issues, no sharing of information, just a simple free way to create a secure identity notification record that only you can control. I’ll keep you posted as this service is announced. I’m close to the development of the service so any comments are welcome.

Submit a Comment