Thursday, August 17, 2006

Another Laptop Lost by Accounting Firm - Chevron Employees at Risk of Identity Theft

Saw this on PogoWasRight.org - which is an excellent read on privacy issues:

"Chevron may have pocketed record profits of $4.35 billion in the most recent quarter, but that wasn't enough to protect the names and Social Security numbers of potentially tens of thousands of employees. The San Ramon oil giant sent an e-mail to U.S. workers Monday warning that a laptop computer "was stolen from an employee of an independent public accounting firm who was auditing our employee savings, health and disability plans."

Link to PogoWasRight post, here.

PogoWasRight was quoting a story in SFGate by David Lazarus. In his story, he quotes Larry Ponemon of the Ponemon Institute:

"It's a big problem," said Larry Ponemon, founder of the Ponemon Institute, a Michigan think tank that focuses on privacy issues.

"It's always the human factor," he said. "There are always going to be people who download something incredibly confidential onto their laptop and then it ends up stolen or on the Internet. It's not because of evil intent. It's usually because of incompetence or complacency."

When are we going to wake up that storing "sensitive data" on laptops is a bad idea? And there is evil intent - at least on the part of whomever is stealing this information.

According to the SF Gate article, the Ponemon Institute released a pretty telling survey:

"On Tuesday, the Ponemon Institute issued a study revealing that 81 percent of companies surveyed have experienced the loss of one or more laptops containing sensitive data over the past 12 months."

"The study also says 64 percent of almost 500 data-security pros surveyed admit that their companies have never performed an inventory to determine the location of customer or employee info."

Link to SFGate article, here.

There is another thing to consider - and it's the internal factor. Most of this information is worth money and it makes me wonder in how many of the breaches (of which there have been many) a dishonest employee was somehow involved?

For an article about that by Will Sturgeon from Silicon.com, link here.

Of course, in this case - as most of the others - Chevron is revealing few details.

2 comments:

T.L. Stanley said...

I agree. Employees may be selling the information for the highest price to the criminal element. Unfortunately, ethics has gone out the window now. Take care.

prying1 said...

re: quote - "It's a big problem," said Larry Ponemon, founder of the Ponemon Institute, a Michigan think tank that focuses on privacy issues. -

Gee! Do you think so?

I don't know when corporations will wake up and work harder towards preventative measures. Much easier that searching for solutions after the fact...