Laptop theft at Fidelity exposes data on 196,000 HP workers
The laptop held data about participants in an HP-sponsored retirement plan
Computerworld - Fidelity Investments today confirmed that a laptop containing confidential information on more than 196,000 current and former employees at Hewlett-Packard Co. and its acquisitions was recently stolen from the firm. The theft may have exposed information such as the names, Social Security numbers and compensation details for the workers.
Though there is no evidence that the stolen information has been misused so far, Fidelity has begun sending out letters to all of the affected employees informing them about the incident and recommending follow-up action, a spokeswoman said via e-mail.
The laptop, which held personal data about participants in an HP-sponsored retirement plan, was stolen from employees who had brought it to a business meeting outside of Fidelity, according to Anne Crowley, a spokeswoman for Fidelity Investments.
It is not our practice to have that level of data on a laptop, Crowley said. We limit significantly the use of such confidential data outside of Fidelity to only those instances where the information is appropriate or required for meetings with clients about their specific plans and participants, she said.
According to Crowley, the laptop application with the personal data was running on a temporary license that has since expired. As a result, the scrambled data contained in the laptop should be difficult to interpret and generally unusable, she said.
At this time, we are unaware of any misuse of the information contained in the software on the laptop, she said. The company has also been monitoring the affected HP accounts and has so far seen no indication of unusual or suspicious activity.
We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts, as well as other measures to prevent unauthorized use, she said without elaborating.
After the theft, Fidelity contacted the three principal credit-reporting bureaus to advise them of the situation and arranged for those affected to enroll in a free credit-monitoring service. The service includes credit monitoring, a copy of their credit reports and notification of activity.
If we conclude an unauthorized transaction has taken place in [an individuals] Fidelity account as a result of this incident, we will reimburse them for account losses connected with the unauthorized transactions, Crowley said.
News of Fidelitys laptop loss comes amid heightened debate over a national breach-disclosure law now under debate in Congress. The bill, which was recently passed by the House Financial Services Committee (see Consumer groups rail against proposed data-breach notification law), is known as the Financial Data Protection Act of 2005 (H.R. 3997) and is designed to give financial services companies such as Fidelity a national standard for securing sensitive personal information and notifying consumers in the event of a data breach.
A highly controversial provision in the bill would allow companies such as Fidelity to notify consumers of breaches only if they think there is a reasonable risk of actual harm resulting from the breach.
Critics of the proposed bill have blasted it, claiming that it would preempt much stronger state laws already in place while allowing financial services companies too much leeway in deciding when to disclose a security breach.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts