Laptop theft at Fidelity exposes data on 196,000 HP workers
The laptop held data about participants in an HP-sponsored retirement plan
Computerworld - Fidelity Investments today confirmed that a laptop containing confidential information on more than 196,000 current and former employees at Hewlett-Packard Co. and its acquisitions was recently stolen from the firm. The theft may have exposed information such as the names, Social Security numbers and compensation details for the workers.
Though there is no evidence that the stolen information has been misused so far, Fidelity has begun sending out letters to all of the affected employees informing them about the incident and recommending follow-up action, a spokeswoman said via e-mail.
The laptop, which held personal data about participants in an HP-sponsored retirement plan, was stolen from employees who had brought it to a business meeting outside of Fidelity, according to Anne Crowley, a spokeswoman for Fidelity Investments.
It is not our practice to have that level of data on a laptop, Crowley said. We limit significantly the use of such confidential data outside of Fidelity to only those instances where the information is appropriate or required for meetings with clients about their specific plans and participants, she said.
According to Crowley, the laptop application with the personal data was running on a temporary license that has since expired. As a result, the scrambled data contained in the laptop should be difficult to interpret and generally unusable, she said.
At this time, we are unaware of any misuse of the information contained in the software on the laptop, she said. The company has also been monitoring the affected HP accounts and has so far seen no indication of unusual or suspicious activity.
We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts, as well as other measures to prevent unauthorized use, she said without elaborating.
After the theft, Fidelity contacted the three principal credit-reporting bureaus to advise them of the situation and arranged for those affected to enroll in a free credit-monitoring service. The service includes credit monitoring, a copy of their credit reports and notification of activity.
If we conclude an unauthorized transaction has taken place in [an individuals] Fidelity account as a result of this incident, we will reimburse them for account losses connected with the unauthorized transactions, Crowley said.
News of Fidelitys laptop loss comes amid heightened debate over a national breach-disclosure law now under debate in Congress. The bill, which was recently passed by the House Financial Services Committee (see Consumer groups rail against proposed data-breach notification law), is known as the Financial Data Protection Act of 2005 (H.R. 3997) and is designed to give financial services companies such as Fidelity a national standard for securing sensitive personal information and notifying consumers in the event of a data breach.
A highly controversial provision in the bill would allow companies such as Fidelity to notify consumers of breaches only if they think there is a reasonable risk of actual harm resulting from the breach.
Critics of the proposed bill have blasted it, claiming that it would preempt much stronger state laws already in place while allowing financial services companies too much leeway in deciding when to disclose a security breach.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts