February 23, 2006 10:46 AM PST
Auditor loses McAfee employee data
- Related Stories
-
ID theft tops list of fraud complaints
January 25, 2006 -
Year in review: Insecurity over ID theft
December 13, 2005 -
Stolen PC holds sensitive consumer data
November 9, 2005 -
Separating myth from reality in ID theft
October 24, 2005
The disc was lost on Dec. 15 by Deloitte & Touche USA, McAfee spokeswoman Siobhan MacDermott said Thursday. The Santa Clara, Calif.-based security software company was first notified on Jan. 11, and on Jan. 30, it received particulars of the data that may have been on the CD, MacDermott said.
The disc contained personal details on all current U.S. and Canadian McAfee workers hired prior to April 2005 and on about 6,000 former employees in the same region, MacDermott said. (The security company currently has approximately 3,290 employees worldwide.) The information wasn't encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee.
"We notified our current and former employees last week and the week before," MacDermott said. "We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit monitoring services."
Deloitte & Touche confirmed the incident. "A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket," a representative for the professional services firm said. "We are not aware of any unauthorized access to this data in the two months since the CD was lost."
The McAfee incident is the latest in a string of data security breaches. In the last 12 months, more than 53 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax. Similar arrangements are being made with a credit monitoring provider for Canadian employees, MacDermott said.
Deloitte & Touche USA is a multibillion-dollar professional services firm that provides audit, tax, consulting and financial services.
ppl in the know, know where to go to read about it...
ppl in the know, know where to go to read about it...
Yet, we have been told they are here, to serve and protect! Yeah, only when suits them!
Slackers all! is the polite description!!!!!!
Let's see where my mindless rambling takes us.
Consider a few possible scenarios. Which one of the below methods is the most secure?
a. CD format for use as online storage tends to be hacked in some ways.
b. Central point of storage to prevent lost information and easy user access.
c. Obtain details through phone or other means and then store it in a central server which is not accessible through the net, only secure access on the LAN.
d. No user data required. Why store it in the first place? Let the customer carry a smart card or identifier with him containing all user data including balances and account information. The update or changes could be made to the identifier or smart card itself. The company only maintains the net accounting information applicable to them. (The identifiers would need to be changed annually to prevent duplication.)
Aha! Now you see what I was hinting!
Why should I entrust some careless joker with my information when I should be responsible for it?
Any suggestions?
to create a disk image with 128 bit AES encryption. You can then
burn the image to a cd/dvd, so if you lose the disk, the data is still
fairly secure. Windows people keep telling me there's more
software for the PC, but is that just games? Can't you find a way to
do this in Windows?