Laptop theft at Fidelity exposes data on 196,000 HP workers
The laptop held data about participants in an HP-sponsored retirement plan
Computerworld - Fidelity Investments today confirmed that a laptop containing confidential information on more than 196,000 current and former employees at Hewlett-Packard Co. and its acquisitions was recently stolen from the firm. The theft may have exposed information such as the names, Social Security numbers and compensation details for the workers.
Though there is no evidence that the stolen information has been misused so far, Fidelity has begun sending out letters to all of the affected employees informing them about the incident and recommending follow-up action, a spokeswoman said via e-mail.
The laptop, which held personal data about participants in an HP-sponsored retirement plan, was stolen from employees who had brought it to a business meeting outside of Fidelity, according to Anne Crowley, a spokeswoman for Fidelity Investments.
It is not our practice to have that level of data on a laptop, Crowley said. We limit significantly the use of such confidential data outside of Fidelity to only those instances where the information is appropriate or required for meetings with clients about their specific plans and participants, she said.
According to Crowley, the laptop application with the personal data was running on a temporary license that has since expired. As a result, the scrambled data contained in the laptop should be difficult to interpret and generally unusable, she said.
At this time, we are unaware of any misuse of the information contained in the software on the laptop, she said. The company has also been monitoring the affected HP accounts and has so far seen no indication of unusual or suspicious activity.
We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts, as well as other measures to prevent unauthorized use, she said without elaborating.
After the theft, Fidelity contacted the three principal credit-reporting bureaus to advise them of the situation and arranged for those affected to enroll in a free credit-monitoring service. The service includes credit monitoring, a copy of their credit reports and notification of activity.
If we conclude an unauthorized transaction has taken place in [an individuals] Fidelity account as a result of this incident, we will reimburse them for account losses connected with the unauthorized transactions, Crowley said.
News of Fidelitys laptop loss comes amid heightened debate over a national breach-disclosure law now under debate in Congress. The bill, which was recently passed by the House Financial Services Committee (see Consumer groups rail against proposed data-breach notification law), is known as the Financial Data Protection Act of 2005 (H.R. 3997) and is designed to give financial services companies such as Fidelity a national standard for securing sensitive personal information and notifying consumers in the event of a data breach.
A highly controversial provision in the bill would allow companies such as Fidelity to notify consumers of breaches only if they think there is a reasonable risk of actual harm resulting from the breach.
Critics of the proposed bill have blasted it, claiming that it would preempt much stronger state laws already in place while allowing financial services companies too much leeway in deciding when to disclose a security breach.
Read more about Security in Computerworld's Security Topic Center.
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!