Posted on 02/27/2006 7:59:07 AM PST by bwteim
Deloitte loses McAfee employee data by Antony Savvas
Monday 27 February 2006
McAfee's auditor Deloitte & Touche USA LLP has lost an unencrypted CD containing the personal details of more than 9,000 of its employees.
The auditor lost the CD when one of its employees left the disc in the back of an airline seat.
Security software company McAfee was informed of the incident by Deloitte on 11 January, almost a month after the disc was lost.
The disc was lost last December and McAfee has just finished sending out warning letters to the employees and former employees affected.
The back-up CD contained the names, social security numbers and information on stock holdings held by 9,300 of McAfee's current and former US and Canadian employees.
All those affected by the data loss are being given two years' worth of free credit reports by credit bureau Experian, to make sure they do not become the victims of identity theft.
McAfee sells its own product to allow users to easily encrypt files. Deloitte may well now be tempted to use it.
The data loss is the latest to hit corporate America, including big losses at Bank of America twice, and credit rating company ChoicePoint.
Accidents happen.
At least in this case, it wasn't theft.
what moron would put a CD in the seat pouch in a airplane, who ever that auditor was should be fired
An audit company, a data security company, and an unencrypted CD with SSN data. Now if we can just find a third company involved they can make it a hat trick.
irony ping
McAfee using Deloitte, huh? Another round of offshoring in the works?
How generous!
Everyone in the US already gets ONE FREE CREDIT REPORT per person from EACH of the three major credit agencies.
LOL good one, and that's every year too. Anybody can stagger the requests and get one or the other every four months as it is.
Regarding whether data SHOULD or MUST be encrypted...
A Federal Court Rules That A Financial Institution Has No Duty To Encrypt A Customer Database
Monday, Feb. 20, 2006
In a legal decision that could have broad implications for financial institutions, a court has ruled recently that a student loan company was not negligent and did not have a duty under the Gramm-Leach-Bliley statute to encrypt a customer database on a laptop computer that fell into the wrong hands.
CLIP
http://writ.news.findlaw.com/commentary/20060220_sinrod.html
I am still waiting for a call from Boeing to tell me about how they lost a laptop containing employee/former employee personal information (they said they would be contacting all the employees). I cannot believe the idiots that allow this level of security.
Wasn't that with 10s of thousands of names?
Per this, it was 161,000 employees:
http://www.freerepublic.com/focus/f-news/1524977/posts
That included SSNs and bank account information...
That's a bunch of bits and bytes.... thanks for link.
More recent incident:
State college in Colorado warns 93,000 after laptop theft - Student-employee had sensitive info on machine
News Story by Robert McMillan
MARCH 03, 2006 (IDG NEWS SERVICE) - A state college in Denver believes it may have lost sensitive information on more than 93,000 students after one of the school's laptop computers was stolen from an employee's home late last month.
The unnamed employee of Metropolitan State College had been using the information, including student names and Social Security numbers, to write a grant proposal, the college said Thursday. The data, which appears to have been unencrypted, was also being used by the employee to write a master's degree thesis, the school said.
SNIP SNIP
http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,109208,00.html?source=x221
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.