It was reported December 15 that Boeing had the 3rd laptop stolen in just a little over a year.
The laptop was stolen from an employee’s car. PII included “names, home addresses, phone numbers, Social Security numbers and dates of birth for current and former Boeing employees.”
This latest theft contained cleartext personally identifiable information (PII) about 382,000 current and former employees. A Boeing laptop stolen in April contained PII about 3,600 individuals, and the one stolen in November 2005 contained cleartext PII about 161,000 individuals.
The good news…
* Policies exist requiring access to PII to be made only from network servers, and not to be placed upon endpoint computers, such as laptops.
* A project is underway to automatically encrypt files as they are downloaded from servers.
* Boeing is working to eliminate the use of Social Security numbers in all ways possible.
* Boeing is offering 3 years of credit monitoring to the impacted individuals.
The bad news…
* The PII of 546,600 could be in the hands of fraudsters, criminals and others with bad intent, and could be used months or years from the time it was stolen.
* The laptops stolen were not yet part of the encryption project.
* Employees will not follow policies if they are not well communicated, if there are no enforced sanctions, or if there are not tools in place to enforce them wherever possible.
* Employees will continue to do senseless things such as leaving laptops in cars where they are so often stolen. This human tendency makes it very important to have strong security controls in place, such as laptop disk encryption and the technology to prevent PII from being downloaded from the server repositories to begin with.
Tags: awareness and training, Boeing, data protection, Information Security, IT compliance, laptop theft, personal data breach, policies and procedures, privacy, privacy breach