Administaff, a human resource firm that provides outsourced HR functions such as payroll and benefits to small companies is missing a laptop containing the names, addresses, and Social Security numbers of 63,000 current employees and 96,000 former workers.
Affected individuals, including this writer, received a note from Administaff informing them that the laptop went missing on Oct. 3 from an undisclosed location, and through means not described in the letter.
According to Administaff CEO Paul Sarvadi, the laptop was password-protected, but the "personal information was not saved in an encrypted location." Although that could mean any number of things, Sarvadi claimed that it was a violation of company policies.
Sarvadi's letter also claims that there is no evidence that the theft was anything but random, or that the information has been misused. Nevertheless, the company has followed the standard practice of offering a toll-free 1-800 helpline for employees affected by the breach, and is offering a year's worth of free credit monitoring sponsored by Equifax.
This marks the second data breach that has affected me personally in less than a year. I had to replace get my bank debit card replaced in December 2006 due to having shopped at a Marshall's department store during the TJX company database hack.Laptop thefts
The loss or theft of personal information thanks to unsecured or stolen personal computers remains a primary source of data for the identity thieves and cyberhackers who frequent the "underground economy."
Laptops, thumb drives and cellphones full of personal information--often poorly protected or not protected at all--are purloined and the information is traded back and forth in chat rooms for as little as $14.
Although many companies offer technology solutions for protecting data stored on laptops, many businesses simply do not invest the resources needed to train employees to properly secure data, or outsource vital business functions to contractors that don't have strong policies about data security in place.
For example, a third-party vendor hired by the Gap retail chain to process job applicant data lost a laptop containing personal information on 800,000 job seekers in October 2007.
And a laptop containing personal information on an undisclosed number of employees for Internet domain registrar VeriSign was stolen from an employee's car in August 2007.
Victims of data breaches often have a difficult time regaining lost money and receiving restitution for time spent fixing the problems caused by a company's negligence.
Several recent court settlements have ruled against breach victims, finding that laptop thefts, hacks, and the like must be demonstrably linked with damage from identity theft in order to prove the case.
