VeriSign employee data exposed in laptop theft

By Bill Brenner, Senior News Writer 08 Aug 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

A laptop housing the personal information of current and former VeriSign Inc. employees has been stolen, exposing them to potential identity fraud.

The local police have said the theft may be tied to a series of neighborhood burglaries. VeriSign

It is not known how many identities were exposed when the laptop was stolen from the car of a former employee last month. The Mountain View, Calif.-based company, whose product line includes security services and tools, said there's no indication of fraudulent activity thus far.

The vendor said it is taking the theft "very seriously" and that it started an investigation the moment the theft was discovered.

"The local police have said the theft may be tied to a series of neighborhood burglaries. We disabled any access by the employee's computer to the VeriSign network," VeriSign said in a public statement.

Laptop security: Laptop theft affects 160,000 Neiman Marcus employees: A laptop, stolen from a consultant, contained sensitive data of about 160,000 current and former Neiman Marcus employees. How can I protect the sensitive information that resides on my laptop? Learn how to safeguard data that resides in your laptop in this Network Security Ask the Expert Q&A. Fidelity laptop snafu spotlights need for security policies: The theft last week of a Fidelity-owned laptop containing sensitive data could have easily been prevented. Are your users paying attention when it comes to laptop security? Study: Office likely location for laptop lifts: A study by Credant Technologies found the office to be the most common place for a laptop to be stolen, despite physical security measures

The company said the car was burglarized while parked in the employee's Northern California garage between the evening of Thursday, July 12, 2007 and the morning of Friday, July 13, 2007. The laptop may have contained such personal information as names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses. But it did not include credit card numbers, bank account numbers, or password information, nor did it contain any information on VeriSign customers, the company said. The vendor also noted that the employee responsible for the laptop has since left the company.

"We are contacting all individuals whose personal information may have been on the stolen laptop," the company statement continued. "We have no reason to believe that the thief or thieves acted with the intent to extract and use this information; the police have indicated that there may be a connection to a series of petty thefts in the neighborhood. The laptop was fully shut down and requires a username and password to log on to the Windows application. To our knowledge, the thieves do not have the password."

The incident may be especially embarrassing to VeriSign since it is known, among other things, for its security offerings. The company bills itself as the leading secure sockets layer (SSL) certificate authority enabling secure e-commerce and communications for Web sites, intranets, and extranets. It also owns the iDefense Security Intelligence Service.

The theft or loss of laptops with sensitive data has become all to common in the past year. The most notorious case involved the theft of a laptop and external hard drive containing personally identifiable information on 26.5 million veterans and active-duty military personnel.

The VA laptop was found approximately a month later and law enforcement officials believe that none of the sensitive data was even accessed by the thief. However, the VA's handling of the incident and slow response led to an internal investigation that resulted in a scathing report from the department's Office of the Inspector General.

Tags: Identity Theft and Data Security Breaches,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us