MCI employee data stolen in laptop theft

IDG News Service - MCI Inc. is evaluating new corporate security technologies following the theft of a notebook computer containing personal information on around 16,500 current and former employees, the company said today.

The missing data includes names and Social Security numbers stored on a laptop that was stolen last month from a car parked in the home garage of an MCI financial analyst, said Linda Laughlin, an MCI spokeswoman. The MCI employee, whom Laughlin declined to identify, was authorized to have the data on her laptop; she was using it to analyze financial trends for the company, Laughlin said.

Though MCI is now investigating the "policies, procedures and circumstances surrounding the theft," the company does not believe that the analyst violated MCI policy, she said. MCI uses encryption technology to protect its corporate data, but the company is now in the process of evaluating new security technologies, including stronger encryption software.
"What we'll do is we'll go and enhance some of the tools that employees can use on their laptops," Laughlin said.

One tool that may help out MCI employees is locking car doors.

Colorado Springs Police Department investigators found no signs of damage to either the car or the garage where it was parked, leading them to assume that the car in question was not locked at the time of the theft, said Lt. Rafael Cintron, a public information officer with the department.

Laughlin could not say whether leaving this data in an unlocked car would violate company policy.

Either way, retrieving the missing laptop, which was reported stolen April 5 in Colorado Springs, may prove difficult.

Colorado Springs officers are in the process of contacting local pawnshops to see if the laptop has been sold, but investigators have few leads in the case. "There was no damage to the vehicle, no witnesses, so there's not much to go on," Cintron said.

MCI has sent out notification letters to the people whose personal information was compromised by the theft, but it has seen no evidence that anyone has attempted to illegally use the information, Laughlin said.

The stolen laptop was password protected, but Laughlin would not say whether the Excel spreadsheet files that contained the sensitive data were themselves encrypted.

The MCI theft is just the latest in a series of high-profile mishaps in which companies have lost large quantities of personal information. Earlier this month, Time Warner Inc. lost 40 backup tapes containing data on 600,000 current and former employees. And identity thieves have gained access to data on hundreds ofthousands of people following computer break-ins at ChoicePoint Inc. and Reed Elsevier Group PLC's LexisNexis Group.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.