Laptop Loaded With HP Employee Data Stolen From Fidelity
The loss of sensitive personal data could affect as many as 196,000 Hewlett-Packard employees and Fidelity clients.
It could happen to anyone: take your eye off your laptop for a minute and, when you turn around, it's gone. For most people, this is a huge headache that involves lost work projects, missing phone and e-mail contacts, and an embarrassing call to the boss. Usually, the person responsible for the laptop gets the most grief.
For Fidelity Investments, however, the theft of a laptop last week could affect as many as 196,000 Hewlett-Packard employees and Fidelity clients. Their personal information was stored on a laptop lifted during an off-site Fidelity business meeting.
The laptop contained software storing the names, addresses, Social Security numbers, dates of birth, and other employment-related information of participants in Hewlett-Packard-sponsored retirement plans.
Why was this data on a laptop in the first place? A Fidelity spokeswoman said in an e-mailed statement that the company doesn't usually keep such information on laptops, and that it generally limits the use of such confidential data outside of Fidelity to times when the information is "appropriate or required for meetings with clients about their specific plans and participants."
Fidelity, which provides financial services for about 21 million people, maintains that it hasn't detected any misuse of the stolen information and that safeguards in place could prevent this from blowing up into a bigger problem. "The application was running on a temporary license," the Fidelity spokeswoman said. "The license has expired. Since the expiration of the license, the scrambled data would be difficult to interpret, and generally unusable."
Fidelity has notified law enforcement, which is conducting an investigation to recover the stolen laptop. The Boston-based company says it has also taken steps to add extra security processes requiring additional authentication for access to the affected HP accounts "as well as other measures to prevent unauthorized use."
Fidelity is also monitoring the affected accounts for unusual activity that might indicate fraud is being committed. "We have reviewed activity in the HP accounts and have found no indication of unusual or suspicious activity," the spokeswoman said.
Fidelity also claims to have worked with HP to notify those affected and set up a dedicated phone line and area of the Fidelity Web site for those employees to address the issue. "We have also contacted the three principal credit reporting bureaus – Equifax, Experian, and Trans Union – to advise them of the situation," she said. HP employees affected by the theft will also be offered free credit monitoring through Fidelity, which plans to reimburse those affected for account losses connected with any unauthorized transactions.
The Fidelity incident is just the latest in a series of high-profile data thefts that have some observers bemoaning the state of data security today. Despite the importance of the information stored on laptops, thefts such as the one Fidelity experienced have become frighteningly familiar. A laptop stolen in March 2005 from the University of California at Berkeley compromised personal information of more than 98,000 alumni, graduate students, and past applicants, while the Justice Department will in May celebrate the anniversary of a similar theft that exposed the personal information of 80,000 employees. Other organizations in this regrettable club include Bank of America, MCI, the Ohio State University Medical Center, and Oklahoma State University.