Computer With Boeing Employee Info Stolen

KOMO News ^ | 11/18/2005 | KOMO Staff & News Services

[sionnsar]

CHICAGO - A computer that contained Social Security numbers and other personal information for 161,000 current and former Boeing Co. employees was stolen, the company said Friday.

Boeing said it had no evidence that any of the employee information - which included birthdays and banking information in some cases - was accessed or misused. It added that no sensitive company information or supplier or customer data was stored on the computer, which was owned by the company but stolen from a non-Boeing site.

Chicago-based Boeing said it is in the process of notifying affected employees of the security breach and helping them enroll in fraud-alert programs at the nation's three major credit reporting agencies.

The company said it is investigating the theft along with law enforcement authorities.

"We are taking a number of steps to minimize any potential damage that could result from this violation of our security procedures," Rick Stephens, senior vice president of human resources and administration, said in a statement.

[js1138]

It's my understanding that laptop hard drives can be password protected and that this is about as secure as commercial encryption gets.

Am I wrong?

[vox_freedom]

The data on the laptop was NOT as SECURE as the best commercial encryption. From what is known to date, the data itself was not encrypted, and the laptop password could be compromised quite easily.
161,000 employee names coupled with social security numbers along with personal banking specifics deserve better security than being placed on a portable laptop. I'd be quite interested in knowing the title/level of the employee who was entrusted with this data or perhaps he/she was merely a HR consultant. So far, Boeing is being quite closed about the entire situation and defensive as they probably ought to be given potential disclosure of this employee information and the harm that could occur.

[js1138]

I was asking about what is possible. It seems irresponsible not to password protect sensitive data on laptop. My understanding is that laptop drives have a built in protection that is difficult to break, if it is used.

[Musket]

Alright, I'll take a stab at this. I'm probably wrong and I'm sure we'll hear about it if I am.

Regular old Windows logon passwords are easy to get around. Windows has an encryption feature that is very hard to crack but I think it only works on files and / or folders and I assume people rarely use it, but it's good. And the best - and what should've been on this laptop - is a third party program than encrypts the entire hard drive and is nearly impossible to crack.

[js1138]

OK, the feature I am speaking of seems to be new.

http://www.eweek.com/article2/0,1895,1825740,00.asp

I read about a customer in a computer store setting a password that made the drive useless to the store owner.

Seems like any laptop with sensitive information should be encrypted. Windows makes it easy. I assume Linux and MacOS do too.

[Musket]

Yeah that Seagate. That's actually a little more than a program, but that's what I was thinking about.

[CJinVA]

This same thing happened to SAIC employees this year. Now Boeing. I worked for SAIC and my wife works for Boeing. Both of us have had our social security numbers ripped off at each company. My SS is in the Boeing info and her SS is in the SAIC info.