March 22, 2006 5:41 PM PST
Laptop with HP employee data stolen
- Related Stories
-
Auditor loses McAfee employee data
February 23, 2006 -
ID theft tops list of fraud complaints
January 25, 2006 -
Separating myth from reality in ID theft
October 24, 2005 -
Offline ID crimes still more severe
January 26, 2005
The stolen computer belongs to Fidelity Investments, which provides services to HP, a representative for the Palo Alto, Calif., technology giant said Wednesday. The laptop was being used by several Fidelity employees in an off-site location, said Anne Crowley, a spokeswoman for Fidelity, which is based in Boston.
The portable PC contains information on 196,000 current and former HP employees, Crowley said. The data includes names, addresses, Social Security numbers, dates of birth and other employment-related information, but not the personal identification numbers required to log on to Fidelity services, she said.
The HP incident is the latest in a string of data security breaches. In the last 13 months, more than 53 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse. Last month, McAfee reported that an external auditor lost a CD with information on thousands of current and former employees.
Fidelity has reported the theft to law enforcement agencies and the matter is under investigation, Crowley said. "They told us that there have been several laptop thefts...and that their experience has been that these appear to be largely property-focused, rather than people seeking data or identity information," she said.
There is no evidence that the information has been misused, Crowley said. Furthermore, the information requires a special application, which expired a day or so after the laptop was stolen, she said. "The data would be difficult to interpret and generally difficult to read or use."
Identity theft continues to plague consumers, topping the list of fraud complaints reported to the Federal Trade Commission last year. Consumers filed more than 255,000 identity theft reports to the FTC in 2005, accounting for more than a third of all complaints, the agency said in January.
HP and Fidelity started notifying affected individuals this week, both companies said. Fidelity has stepped up security on HP accounts and offers those affected a no-cost credit-monitoring service for a year.
Fidelity claims to be the largest mutual fund company in the United States and one of the world's largest providers of financial services to about 21 million individuals, according to its Web site.
See more CNET content tagged:
HP,
identity fraud,
data security,
laptop computer,
identity theft
file? ...oh.. that's right.. he was using Windows..
These inciudences do not happen because od lack of technology, they happen because of gross negligence!
196,000 client records...
Off-site location...
What is wrong with this picture? This might well be the single most egregious violation of even the most basic security procedures that I have ever heard of!
It is more than negligence, it is even worse than gross negligence. It is fundamentally a criminal violation of (what I would bet money on) HP's contract with Fidelity (what a funny, funny name for such a faithless and unworthy company). If ~anyone~ in Fidelity management had even an inkling of the weight of the information that is potentially accessible--just think of the value of that notebook to well-heeled, organized criminal perpetrators of identity-theft--I say, if Fidelity had even the slightest idea of the magnitude of the information contained in one discreet resource, that person is personally and criminally liable, as is the corporation.
I can't believe that HP will even think about not pursuing this in the civil courts, and perhaps even, in seeking criminal prosecution.
Amazing...absolutely amazing!
rb
The information is more valuable been the laptop and the data could be in the wrong hands.
This is crazy and someone has to take the hit.
I think they should be investigating his bank records for any large deposits lately.
Did you notice ?The data includes names, addresses, Social Security numbers, dates of birth and other employment-related information? on HP employees? But Fidelity Investments made sure it didn?t have personal identification numbers required to log on to Fidelity services stored on that laptop. Hum, all that data that can harm 196,000 current and former HP employees, and Hewlett-Packard, but nothing to harm Fidelity. That in it?s self makes me wonder. People should have the legal right to not have their personal data carried around on anyone?s portable laptop. How about this for Justice, If the information was sold he shall be guilty of a misdemeanor and fined not more than $5,000 according to The Privacy Act Of 1974.
But publish just one visual depictions of actual sexually explicit conduct on the internet or in a magazine without maintaining individually identifiable records pertaining to that performer portrayed in such a visual depiction is a felony and shall be imprisoned for not more than 5 years, and fined in accordance with the provisions of U.S.C., Title 18, Section 2257. I think our government wastes too much time and money worrying about porn on the internet and not near enough time and money when it concerns people?s rights to privacy. I say it?s time for The Privacy Act Of 2006. (1) Personal data shall not be uploaded to any portable device. (2) Personal data shall not be uploaded to any computer that has internet access. It?s time for the government to step up and insure our personal data remains personal.
Equifax Credit Watch, and suggested those people also monitor their credit reports for a period of 12 - 24+ months. So, Fidelity screws up and suggests the people who may be at risk, assume responsibility for any problems.
I still think it is criminal; and the SSN is not only NOT a matter of public record (though it is far too ubiguitous on applications, forms and databases, to be sure), it is constitutionally protected to NOT be a matter of public record.
That Fidelity representative needs a rectum-ectomy, from the inside out!
rb
PS Anybody got a latex glove that I can borrow?
i got an email from some total stranger letting me know that it was out on the web. name, social, dob, salary, everything...
i told hr about it and what did they do? they gave the hr rep another pc just for working at home.
http://www.essentialsecurity.com/Documents/article2.htm
I'm sure the exposed employees are so relieved, too.
Sheesh.
effort--he posted a link to an article that was smooth but, in the
end, said nothing:
"Taking the time to gather information on creating good internet
security practices will lead to a decrease in the future cost of lost
productivity, and by educating your workforce you create an
even wider prevention of productivity loss.
Yes, that's what everyone here is saying (if not as elegantly) but
even the product on that site--email encryption--would not
have saved the HP data. One can only wonder what sort of
education the author (a marketing expert) has in mind.
My earlier posting did draw a comment from rpbell who
suggested FileVault could be broken at the media level, but that
is not true. (If it were, then the name would be VileFault!) The
only risk with FileVault is in human error in using it, and that is a
minor risk due to its ease of use.
So, the question is still out there, dear correspondents--do
Windows users who want to protect their data have any other
choice than to switch to Mac and use FileVault?
James
- I don't understand why so much information was on a laptop off site
-
by richard8135
April 8, 2007 2:14 PM PDT
- As an HP employee, this is unbelievable. I just happened to stumble across this. I enrolled in the Fidelity investment program and I am very worried when I think about how much personal information including SSN that I input into the Fidelity system. If I become a victim of identity theft along with other employees, I have no doubt that I will seek legal action against Fidelity. I would like to forward this to everyone within my group and others at HP, but I am concerned that this would create employment problems (if you know what I mean.) I guess we will see how this turns out, god only knows.
-
Reply to this comment
-
-
See all 25 Comments >>