Laptop theft at Fidelity exposes data on 196,000 HP workers
The laptop held data about participants in an HP-sponsored retirement plan
Computerworld - Fidelity Investments today confirmed that a laptop containing confidential information on more than 196,000 current and former employees at Hewlett-Packard Co. and its acquisitions was recently stolen from the firm. The theft may have exposed information such as the names, Social Security numbers and compensation details for the workers.
Though there is no evidence that the stolen information has been misused so far, Fidelity has begun sending out letters to all of the affected employees informing them about the incident and recommending follow-up action, a spokeswoman said via e-mail.
The laptop, which held personal data about participants in an HP-sponsored retirement plan, was stolen from employees who had brought it to a business meeting outside of Fidelity, according to Anne Crowley, a spokeswoman for Fidelity Investments.
It is not our practice to have that level of data on a laptop, Crowley said. We limit significantly the use of such confidential data outside of Fidelity to only those instances where the information is appropriate or required for meetings with clients about their specific plans and participants, she said.
According to Crowley, the laptop application with the personal data was running on a temporary license that has since expired. As a result, the scrambled data contained in the laptop should be difficult to interpret and generally unusable, she said.
At this time, we are unaware of any misuse of the information contained in the software on the laptop, she said. The company has also been monitoring the affected HP accounts and has so far seen no indication of unusual or suspicious activity.
We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts, as well as other measures to prevent unauthorized use, she said without elaborating.
After the theft, Fidelity contacted the three principal credit-reporting bureaus to advise them of the situation and arranged for those affected to enroll in a free credit-monitoring service. The service includes credit monitoring, a copy of their credit reports and notification of activity.
If we conclude an unauthorized transaction has taken place in [an individuals] Fidelity account as a result of this incident, we will reimburse them for account losses connected with the unauthorized transactions, Crowley said.
News of Fidelitys laptop loss comes amid heightened debate over a national breach-disclosure law now under debate in Congress. The bill, which was recently passed by the House Financial Services Committee (see Consumer groups rail against proposed data-breach notification law), is known as the Financial Data Protection Act of 2005 (H.R. 3997) and is designed to give financial services companies such as Fidelity a national standard for securing sensitive personal information and notifying consumers in the event of a data breach.
A highly controversial provision in the bill would allow companies such as Fidelity to notify consumers of breaches only if they think there is a reasonable risk of actual harm resulting from the breach.
Critics of the proposed bill have blasted it, claiming that it would preempt much stronger state laws already in place while allowing financial services companies too much leeway in deciding when to disclose a security breach.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!