US BOEING COMPUTER LAPTOP THEFT

BLOG EDITOR COMMENTS: THIS ARTCILE BRINGS ATTENTION TO A SENSITIVE ISSUE / HOW CORPORATIONS MUST PROTECT DATA ON THEIR COMPUTERS OR FACE THE NEGATIVE CONSEQUENCES IF THEY DON"T KRT Wire | 11/22/2005 | Boeing waited before admitting loss of sensitive employee data Posted on Tue, Nov. 22, 2005

Boeing waited before admitting loss of sensitive employee data

BY TIM MCLAUGHLIN

St. Louis Post-Dispatch


ST. LOUIS - Boeing Co. waited "several days" before telling employees and retirees that a laptop computer loaded with Social Security and bank account numbers was stolen.

Boeing spokesman Tim Neale said Tuesday the company could not immediately notify employees about the theft because it first had to determine exactly what was on the computer. The company-issue laptop has not been recovered, amid an investigation by Boeing and several law enforcement agencies.

There have been no reports of data misuse in a case that affects 161,000 employees, retirees and former workers, Neale said. Frustration is high, though. Employees and their spouses complain about navigating through layers of voice mail prompts to issue credit fraud alerts on their accounts.

Digital security experts say the loss of sensitive employee data, even if it's not abused, can tarnish a company's reputation and cause a plummet in productivity as workers scramble to protect their bank accounts and credit ratings. A study by the nonprofit Identity Theft Resource Center said victims surveyed in 2004 spent an average of 331 hours each correcting the effects of stolen financial data and lost an average of $1,820 in earnings.

While the aerospace and defense giant remains hopeful none of the data from the unrecovered laptop will be abused, the company's disclosure about the theft Friday afternoon triggered panic and confusion from St. Louis to Seattle. Some employees are so mad at Boeing that they've talked about filing a class-action lawsuit against the company.

"There's a lot of anger that the Boeing Co. could be so lax and remiss with all this data on one laptop," said Boeing employee Earl Schuessler, a union plant chairman from Local 837 of the International Association of Machinists & Aerospace Workers.

"Right now it's just mass confusion and concern," Schuessler said. "People are taking off work to change bank accounts."

Boeing managers have the discretion to allow workers to take time off to close old bank accounts and open new ones, for example, Neale said. "There's no question some people are upset," Neale said. "I've also heard compliments that Boeing is trying to help. But it's never good news to hear something like this."

Boeing said it will not specify the time, date or place of the laptop's theft, except that it happened at a non-Boeing site. The company has undertaken a total review on how it handles the personal data of employees.

"I can tell you it was several days prior to our notification of employees last Friday," Neale said. "The data was spread over many files, and not all files contained names. There was no easy-to-read spreadsheet. We essentially had to create a database from bits and pieces of information pulled from multiple files so we would be in a position to tell each employee what was on the computer specifically about them.

"That took time," he added. "We also needed to staff up a call center, get ready to do a major mailing and employee e-mail, etc. It was a big undertaking, and we moved as fast as we could."

Corporations such as Boeing and government agencies are frequent victims of laptop theft, said Jeff Rubin, vice president of marketing for Beachhead Solutions Inc. His company produces software that destroys sensitive information on lost or stolen computers to prevent the negative consequences of it falling into the wrong hands.

"Boeing's story is a very common one," Rubin said.

Indeed, high-profile cases of stolen laptops often make newspaper headlines. In March, for example, the University of California-Berkeley said a thief stole a campus laptop that contained files with the names and Social Security numbers of more than 98,000 individuals, mostly graduate students or applicants to graduate programs. In 2000, Irwin Jacobs, then-Chief Executive of Qualcomm, discovered his laptop gone after he wrapped up questions from the Society of American Business Editors and Writers in Irvine, Calif. Security experts say stolen laptops rarely are recovered.

Companies usually load encryption codes on laptops to deter a security breach. But Rubin described that approach as a big safe that comes with a small lock. He said encryption codes, which scramble data, are defeated easily if laptop users leave their passwords on a sticky note attached to the computer, for example.

"If you have the user's password, you got the key to all of the data," he said. "The whole problem with encryption is that it's just a password away from being broken."