Fidelity Laptop Theft Exposes HP Employees

Held personal data of more than 196,000 workers

Fidelity Investments last week confirmed that a laptop computer containing confidential information on more than 196,000 current and former employees at Hewlett-Packard Co. and companies it acquired was recently stolen from the financial company.

The computer theft may have exposed the employees' names, Social Security numbers and compensation details.

Though there is no evidence yet that the stolen information has been misused in any manner so far, the Boston-based financial services firm has begun sending out letters informing affected HP workers about the incident and recommending follow-up action, a spokeswoman said via e-mail.

The laptop, which contained personal data of participants in an HP-sponsored retirement plan, was stolen from employees who had brought it to an off-site meeting, according to the spokeswoman.

"It is not our practice to have that level of data on a laptop," she said. "We limit significantly the use of such confidential data outside of Fidelity to only those instances where the information is appropriate or required."

The spokeswoman said the laptop application with the personal data was running on a temporary license that has since expired. As a result, the application should be locked and the data should be scrambled, she said.

"At this time, we are unaware of any misuse of the information contained in the software on the laptop," she said, adding that Fidelity has been monitoring activity in the affected HP accounts.

"We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts, as well as other measures to prevent unauthorized use," she said without elaborating.

Following the theft, Fidelity contacted the three principal credit-reporting bureaus to advise them of the situation, and it has arranged for affected HP employees to enroll in a free credit-monitoring service.

The compromise highlights the dangers of storing confidential data on mobile devices without adequate security controls, said Robert Egner, a vice president at security vendor Pointsec Mobile Technologies Inc. in Mokena, Ill.

Such systems need additional controls to protect against accidental data exposure when mobile devices are lost or stolen, he said.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon