Fidelity Investments said last week that an employee's laptop stolen during an off-site business meeting contained the personal information--names, addresses, Social Security numbers, and more--on as many as 196,000 Hewlett-Packard employees who have Fidelity retirement accounts. Fidelity says it generally limits the taking of confidential data outside of Fidelity except when it's specifically needed for client meetings.
Fidelity, which provides financial services for about 21 million people, says it hasn't detected any misuse of the information and that safeguards in place may prevent misuse. The application with the data had a temporary license that has expired, so the data would be difficult to interpret and "generally unusable," a spokeswoman says. And the company is requiring additional authentication to access the affected HP accounts.
But Fidelity still did the drill that's become familiar to data-losing companies: It notified HP employees affected and set up a phone line and an area on the Fidelity Web site for them; notified the three big credit-reporting bureaus; offered free credit monitoring; and promised reimbursement for related account losses.
The list of victims of lost laptops stretches from the University of California at Berkeley to the Justice Department to Bank of America and MCI. It's beginning to feel like if you haven't been stung by a stolen laptop yet, your number just hasn't come up.