Shostack + Friends Blog Archive

 

MCI, 16,500 employees, ironically anonymous employee

Reuters is reporting “MCI: employee data was on stolen laptop:”

A laptop computer containing the names and Social Security numbers of about 16,500 current and former employees of MCI Inc. was stolen last month, the Wall Street Journal reported on Monday.

The computer was stolen from a car that was parked in the garage at the home of an MCI financial analyst in Colorado, the report said.

An MCI spokeswoman told the Journal that the laptop was password protected but declined to say whether the employee information was encrypted or whether the employee who was robbed was authorized to carry such information on a laptop.

(I can’t find the Journal article with a search for MCI laptop.)

3 comments on "MCI, 16,500 employees, ironically anonymous employee"

  • Jim Horning says:

    Try http://online.wsj.com/article/0,,SB111680003245940129,00.html?mod=rss_whats_news_technology
    [But you need to be a subscriber.]

  • A laptop containing the names and Social Security numbers of about 16,500 current and former employees of MCI Inc. was stolen in Colorado Springs last month, marking the latest in a string of incidents in which companies have lost control of customer or employee information.
    The computer was stolen from a car that was parked in the garage at the home of an MCI financial analyst. An MCI spokeswoman said that the laptop was password protected but declined to say whether the employee information was encrypted. She also declined to say whether the employee, who wasn’t identified, was authorized to carry such information on a laptop.
    MCI is investigating the incident and may take disciplinary action against the analyst if it turns out that the analyst violated company policies, which require employees to encrypt some types of data and limit the type and amount of information that can be transferred to laptops.
    The long-distance carrier says that so far there are no indications that any information has been sold or used by identity thieves. The company also said that it notified local law-enforcement immediately after the theft and has sent letters to all the people whose information was on the stolen computer.
    However, some of the letters reached the employees and former workers only last week. MCI says that’s because it took time to find which workers’ names were part of the data contained on the stolen laptop. After the incident, the company said it quickly began reviewing security policies with employees who work with sensitive personal information.
    MCI is not the only company to experience the loss of sensitive employee information. Earlier this month, Time Warner Inc. disclosed that a cooler-sized container holding personal information on about 600,000 current and former employees was lost while being shipped by truck in March. That incident followed security breaches at ChoicePoint Inc. and the DSW subsidiary of Retail Ventures Inc., as well as lost personal data at Bank of America Corp.
    The Bank of America information was lost while it was being moved. In the ChoicePoint matter, hackers stole the data; in the DSW case, customer credit-card information was stolen.
    While some data are stolen by sophisticated hackers and online scam artists, some of the recent problems, including the MCI theft, showcase how much personal information can be put at risk by low-tech and possibly random crimes or mishaps.
    MCI said it isn’t planning any compensation for the people it has notified. At this point, none seems to be necessary since there has been no indication from law enforcement that the information has been used by criminals, the MCI spokeswoman said.

  • Axel says:

    One would think that companies like MCI would encrypt their hard disks on laptops by now, especially when confidential data is on it.
    I mean, even we’re starting this now.

Comments are closed.