BP employee loses laptop containing data on 13,000 oil spill claimants

Names, Social Security numbers, addresses, other personal data potentially compromised

The personal information of 13,000 individuals who had filed compensation claims with BP after last year's Gulf of Mexico oil spill may have been compromised after a laptop containing the data was lost by a BP employee.

The information, which had been stored in an unencrypted fashion on the missing computer, included the names, Social Security numbers, addresses, phone numbers, and dates of birth of people who filed claims related to the Deepwater Horizon accident.

BP said in a statement that the personal information had been stored in a spreadsheet maintained by the company for the purposes of tracking claims arising from the accident.

"The lost laptop was immediately reported to law enforcement authorities and BP security, but has not been located despite a thorough search," BP said Tuesday.

The information was part of a claims process that was implemented before BP had established its Gulf Coast Claims Facility.

BP's statement makes no mention of when the laptop was reported as lost. But an Associated Press report quoting a BP spokesman notes that the laptop was lost on March 1 by an employee on routine business travel.

The spokesman is quoted as saying that BP waited nearly a month to notify people whose data was on the lost computer because it was doing "due diligence and investigating."

BP said the missing laptop is equipped with a security tool that allows administrators to remotely disable the device "under certain circumstances." However, the company offered no further details on what those circumstances might be or whether it had disabled the system.

"Because this investigation and search for the missing laptop is ongoing, we are unable to provide additional detail that might jeopardize our investigation efforts," the company said.

BP has sent written notices to the affected individuals to inform them about the potential compromise of their personal information and to offer them free credit monitoring services, the statement noted.

The loss of the BP laptop is the latest in a string of similar incidents involving the loss of unencrypted personal data stored on laptops and mobile storage devices.

Such losses have prompted Massachusetts to pass a law requiring companies to encrypt sensitive personal data stored on mobile devices.

Numerous encryption technologies are available these days to mitigate the risks involved in the loss of a computer or other device, but many companies still don't use them.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
