By Martin H. Bosworth

November 14, 2005
A desktop computer containing data on thousands of consumers, including names, addresses, and Social Security numbers, was stolen from a local office of the Trans Union credit bureau.

The theft took place in October 2005 from a regional sales office in California, according to Colleen Tunney, Trans Union's vice-president for corporate affairs. The bureau sent notices to 3,623 consumers on Oct. 21st warning them of the theft and promising them free credit monitoring for a year.

Tunney told the Washington Post that Trans Union was investigating why the data was on an individual laptop computer rather than a secured network.

Trans Union said it is investigating whether the thieves were after the data or the machine. According to Evan Hendricks, editor and publisher of Privacy Times, "the key issue was why that information was on the laptop in the first place."

Credit bureaus have been criticized for hoarding millions of records on individuals and not protecting them or maintaining their accuracy. Sloppy record-keeping by credit bureau employees can often leave individual consumers vulnerable to fraud and identity theft.

Although the three major credit reporting agencies have agreed to a unified "data protection standard" for sharing data with lenders, slipshod physical protection of records can lead to data loss and potential identity theft.

In a recent example, Blockbuster came under fire when a former employee of a store in Manhattan left thousands of membership records in trash bags on the sidewalk.

And there is the case of the Topeka Credit Bureau, when local businessman Augie Bogina found an office full of abandoned consumer records left behind when the bureau shut down. The Experian credit bureau, a former partner of the Topeka agency, had to personally send representatives to oversee the data's destruction.

"This is what happens when information leaves your control," Evan Hendricks said. "There's a lot of uncertainty about who has access to your data."