Laptop Stolen from Printpack Contained Personal Information

Date Reported:
9/12/07

Organization:
Printpack Inc.

Contractor/Consultant:
None

Victims:
Present and former Printpack employees

Number Affected:
Unknown*

*Printpack employs 4,240 Associates in 25 Manufacturing Facilities in the United States, England and Mexico

Types of Data:
Name, Social Security number, date of birth, marital status, address and "other information".

Breach Description:
Five laptop computers were stolen from Printpack's world headquarters in Atlanta, Georgia.  One of the stolen laptops contained sensitive personal information about current and former Printpack employees.

Reference URL:
http://doj.nh.gov/consumer/pdf/Printpack.pdf

Report Credit:
New Hampshire Attorney General

Response:
From the official breach notification and letter to victims (above):

"Sometime during the night between Thursday, August 16th, 2007 and Friday, August 17, 2007, someone stole five laptop computers from Printpack's corporate headquarters in Atlanta, Georgia.  One of the laptops was taken from the Printpack Finance Department.  That laptop was being used for human resources and tax reasons and had some personal information about present and former Printpack employees on it including Social Security numbers, dates of birth, marital status, address and other information."

"The computer did NOT have any information on it about your spouse (if you are married)."
[Comfyllama] This is a peculiar statement.  In 100s of breach notifications that I have read, this is the first time I have seen this one.

"We do not know for sure that this personal data will even be found or used by the thief.  It could be that nothing will happen.  Still, we are advising all affected associates about this theft and proposing steps that you may want to take to protect against identity theft and financial fraud in case the thief does find and try to use the data."
[Comfyllama] This makes it sound like Printpack is doing the affected associates some kind of favor.  A real favor would be to treat confidential data appropriately.

Printpack has set up a hotline for questions and concerns: 1- x17333.  The hotline is staffed from 8:00 EDT to 5:00 EDT.

"We are sorry that this has happened.  We are reviewing and tightening our procedures to try to make sure that it does not happen again."
[Comfyllama] Printpack could start by creating policy and procedures calling for the encryption of confidential data at rest, then design and implement controls to support them.

Commentary:
If the data on this stolen laptop was encrypted, this would not be a breach and would be a non-issue, hardware costs aside.  Will this incident motivate Printpack to do the right thing?

Past Breaches:
None
