Print this article  |  E-mail this article  |  Comment on this article

Data Loss Puts HP Employees At Risk

By Ed Oswald, BetaNews

March 23, 2006, 11:15 AM

Fidelity Investments disclosed Wednesday that a laptop carrying personal information on 196,000 current and former employees of Hewlett Packard was stolen last week. The incident apparently occurred while Fidelity employees were working at an off-site location.

Information on the laptop included names, addresses, social security numbers, dates of birth, and employment information. PINs for the employees' Fidelity accounts were not part of this data. However, the amount of information lost is likely more than enough to pose a potential identity theft threat.

As an additional feature to protect data on these machines, Fidelity adds a special application that encrypts data after an expiration date. According to the company, this application expired the day after the laptop was stolen.

The authorities have been alerted to the loss, Fidelity said. It is likely that the laptop itself was stolen with little regard for its contents, which would likely be deleted anyway to resell the machine, authorities say.

Fidelity said that it had not received any reports of potential data misuse. Both companies are now alerting affected employees, and Fidelity will offer those individuals free credit monitoring for a period of one year.

Data loss is becoming an increasingly bigger problem. Nearly 53 million personal records have been exposed in the past year or so in incidents like this, says the Privacy Rights Clearinghouse.

However, by the same token, studies have shown in most cases, much of the data is never used. This is due to the amount of time it takes to apply for credit accounts, which is usually on the order of 10 to 15 minutes per application.

Add a Comment (6 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By Macross74

posted Mar 26, 2006 - 11:51 PM

Goes to show that out sourcing is not all its cracked up to be!

Score: 0

By ds0934

posted Mar 26, 2006 - 9:33 PM

"Sensitive data" and "laptop" should NEVER be used in the same sentence. Stupid. Totally stupid. F.I. should have known better. I'm really losing faith that hope exists for a common sense approach to data security. All the technology in the world, and someone still thinks it necessary to tote around in the open.

Score: 0

By zee7

posted Mar 24, 2006 - 12:18 AM

I have a relative who works for HP; they sent him this email:

"This is to let you know that Fidelity Investments, record-keeper for the HP retirement plans, recently had a laptop computer stolen that
contained personal information about you, including your name, address,
social security number and compensation. Fidelity is sending a formal notice to you today about this matter in a priority mailing to your
address on record. In the meantime, we wanted to let you know that a
copy of this notice is now posted on the Fidelity NetBenefits(r) site
in the News section on the right
hand side of the home page. The notice includes some immediate steps
that you can take to protect yourself, as well as information about how to enroll for a 12-month period of credit monitoring at no cost to you and a Fidelity call center number in case you have additional questions."

End quote.

It just boggles my mind that these multinational companies spend millions and millions of dollars on advertising and stupid sh** like that, yet they hire ignorant bozos to handle their security.

It's way past time for the government to step in and start handing out prison terms and severe fines for these totally preventable security lapses. Financial punishment is the only thing these companies understand. Offering one year of free credit monitoring is a joke and in no way makes up for the huge risks they placed these people under. Identity theft can take years to recover from and it is not always possible to restore one's good name and credit rating.

Score: 0

By fewt

posted Mar 23, 2006 - 8:25 PM

That data should NEVER have been on a laptop. The person(s) responsible need to be prosecuted.

Score: 0

By Black-Wolf

posted Mar 24, 2006 - 1:14 PM

"Shoot him or something" Quoted from da fag in da star wars. :P

Score: 0

By mat2m

posted Mar 23, 2006 - 4:56 PM

why would all that data be on a laptop? they should use a remote server that the laptops can link to to get the information that would be better security wise

Score: 0

Nov 21 - 9:29 PM ET Hurd's the word in Ballmer's e-mail nightmares

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update