[ insider_reports_insider ]
Fidelity Fumbles, Loses Laptop, HP Data
David Utter
Staff Writer
2006-03-23
 Insider Reports RSS Feed
Idiot Watch VI, Hewlett Packard edition: Fidelity Investments has lost a laptop containing lots of personal data for some 80,000 HP employees.
 | | Laptop Containing HP Data Stolen |  |
Pretty soon technology companies are going to start requiring staffers from the financial firms they employ to handcuff their laptops to their wrists, like some courier from an old spy movie.
Considering The Register's report on the latest in an unpleasant series of "personal data versus careless financial companies," HP employees may want those laptop-toting types to be outfitted with cyanide capsules. Forcefully if necessary.
The article by Ashlee Vance noted the contents of an email HP folks likely did not enjoy finding in their inboxes:
"This is to let you know that Fidelity Investments, record-keeper for the HP retirement plans, recently had a laptop computer stolen that contained personal information about you, including your name, address, social security number and compensation," employees learned via email.
Fidelity has also set up a web site that "includes some immediate steps that you can take to protect yourself, as well as information about how to enroll for a 12-month period of credit monitoring at no cost to you and a Fidelity call center number in case you have additional questions."
The company also provided more details of the problem in a statement reproduced in the report:
"At this time, we are unaware of any misuse of the information contained in the software on the laptop," said Fidelity spokeswoman Anne Crowley. "The application was running on a temporary license from a third-party software vendor. The license has expired. Since the expiration of the license, the scrambled data would be difficult to interpret and generally unusable.
"We have taken steps to implement extra security processes requiring additional authentication for access to those HP accounts as well as other measures to prevent unauthorized use. We have also employed additional security controls above and beyond our already significant monitoring activity to identify if there is any unusual activity in these accounts. Further, we have reviewed activity in the HP accounts and have found no indication of unusual or suspicious activity."
At least Fidelity has indicated a couple of things that could mitigate the potential damage stemming from their laptop going on walkabout: higher-level account monitoring and "scrambled" data. Scrambled isn't the same as encrypted, though, and just because the data would be "difficult to interpret and generally unusable" rules out neither interpretation nor usability.
We at SecurityProNews heartily recommend Fidelity, and other firms that regularly leave valuable data laying around on laptops, spend some quality educational time reading and considering the topics and essays by security expert Bruce Schneier. Whatever in-house lessons or training on proper data security practices these companies conduct just doesn't seem to be taking hold with anyone.
---
Tags: Fidelity, Hewlett-Packard
Add to | DiggThis | Yahoo! My Web
Get all the updates in RSS: 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
