Shostack + Friends Blog Archive


Motorola, 34,000 Employee SSNs, Outsourcer ACS

In an article titled “Stolen PCs contain Motorola HR data“, Reuters is reporting that:

In the latest example of hardware theft putting data security at risk, two computers containing personal information on Motorola employees were stolen from the mobile phone maker’s human resources services provider, Affiliated Computer Services (ACS).

The data on the stolen computers included names and Social Security numbers but no financial information, according to Motorola. The number of employees affected was not disclosed.

No financial information? They had SSNs, but no salaries? I suppose that makes some sort of twisted, perverse sense. Incidentally, Reuters (or subtitled the article “Ah, physical theft… how very old school!” Private to Reuters: You report, we snark. Any questions?

ACS’ chief marketing officer, Lesley Pool, said: “All employees were notified but to this date there is no indication that any personal information has been compromised. It is clear that it was just an amateur burglary.”

I feel better already! If these burglars were amatuers…why could they get to these computers? And seriously, what were social security numbers doing on a system that wasn’t tied to IRS reporting?