ILLINOIS COMPUTERS STOLEN FROM COMPANY CONTAINING MOTOROLA EMPLOYEE DATAChicago Tribune news : TechnologyMotorola employee information stolen
2 computers taken; workers alerted

By Mike Hughlett, Tribune staff reporter. Carolyn Rusin contributed to this report
Published June 10, 2005

Two computers containing confidential information on Motorola Inc. employees were stolen over the Memorial Day weekend, sparking more worries of identity theft.

Motorola won't say how many of its more than 30,000 U.S. workers are affected by the theft. But the Schaumburg-based technology firm decided to tell all domestic employees--whether affected or not--for "transparency's" sake, a Motorola spokeswoman said.

Soon, that sort of transparency regarding the potential of identity theft will be required in Illinois. The Illinois General Assembly passed a bill last month that will require people to be notified if their confidential computerized records are stolen, lost or otherwise breached.

The bill, which Gov. Rod Blagojevich is expected to sign next week, is modeled on a law in California that has been widely credited for publicly exposing how extensive computer data breaches have become.

"Illinois will be the second state to have it, and that is incredibly important as far was we are concerned," said Jay Foley, co-executive director of the Identity Theft Resource Center in San Diego.

Reports of data disappearances have been endemic this year. They range from sophisticated hacking schemes to slip-ups like United Parcel Service's revelation this week that it lost computer tapes laden with data for nearly 4 million Citigroup customers.

In the Motorola case, two computers were stolen during a burglary of Affiliated Computer Services' Schaumburg office. Motorola farmed out much of its human resources operations a few years ago to Dallas-based ACS, one of the nation's larger outsourcing firms.

On May 28, thieves broke into ACS' office by chucking a large rock through a glass door. Employees who came to work the next day reported the theft.

"Besides what's in those computers, it's a routine burglary, a smash and grab," said John Nebl, a Schaumburg police officer.

Mary Bushman, an ACS spokeswoman, said the computers were stocked only with Motorola data; they contained no information from other companies.

The data included names and Social Security numbers of some workers, along with hire dates, separation dates and names of managers, according to an e-mail sent to Motorola employees. No bank or other financial data was stolen, the e-mail said.

Bushman said the computers had security protections. Both ACS and Motorola say there is no indication the stolen data has been used for any wrongdoing.

Jennifer Weyrauch, a Motorola spokeswoman, said employees affected by the theft are mostly in the United States, home to about half of the firm's global workforce of 68,000. "Most employees are not affected," the company said in an e-mail to workers.

On Monday, Motorola mailed letters notifying employees who were affected. Motorola says it will provide those employees with free credit monitoring and fraud protection in light of the theft.

Then on Wednesday, Motorola informed all U.S. employees about the incident in order "to make sure people knew what was happening," Weyrauch said.

Workers and consumers have heard plenty of such tales lately, and computer security experts say a California law passed in 2003 is partly the reason.

"As best as I can see, (the law) has really brought to the general public how often these thefts occur," said Eugene Spafford, head of Purdue University's Center for Education and Research in Information Assurance and Security.

California's law requires that people be informed when electronic information about them is lost or stolen. Since California has so many people, many large data breaches invariably involve some California consumers.

The Illinois bill is very similar to California's law, with one exception.

In California, companies can delay notifying consumers if asked to do so by law enforcement authorities worried that notification might hamper a criminal investigation. No such provision exists in Illinois

Illinois Atty. Gen. Lisa Madigan, Gov. Rod Blagojevich and the Illinois Public Interest Research Group worked together to draft the notification bill. Its House sponsor was John Fritchey (D-Chicago); its Senate sponsor was Ira Silverstein (D-Chicago).

At least three other bills regarding identity theft also passed the General Assembly and await the governor's signature.

One will make Illinois one of only five states that allow identity theft victims to put a freeze on their credit reports.

Such a freeze allows people to prevent the release of their credit reports without their permission--a way to stop identity thieves from opening bogus new accounts.