The Home Depot stolen laptop affects 10,000 employees
Technorati Tag: Security Breach
Date Reported:
10/16/07
Organization:
The Home Depot
Contractor/Consultant/Branch:
None
Victims:
The Home Depot employees
Number Affected:
10,000
Types of Data:
Name, home address, and Social Security number
Breach Description:
A laptop computer was stolen from the car of a Home Depot regional manager that contained sensitive personal information belonging to 10,000 Home Depot employees.
Reference URL:
Network World
The Boston Channel Report
Report Credit:
TheBostonChannel.com
Response:
From the online resources cited above:
"Home Depot on Wednesday confirmed a company laptop was stolen that contains personal information about approximately 10,000 employees of the do-it-yourself retailing giant."
"Several weeks ago, a Home Depot human-resources representative in Massachusetts took a laptop computer home to do some additional work and had the PC stolen from his vehicle parked in front of his house, according to a company official."
"The notebook stored personal information, including names, addresses and Social Security numbers of roughly 10,000 employees"
"The data was not encrypted, but the system was password protected,"
[Comfyllama] Here we are again. This is the second stolen laptop breach reported on The Breach Blog today. This is also the second time that we have seen the "password protected" response. Big deal! Password protection means nothing in terms of protection from anyone with simple skills. I am disappointed.
“We have no reason to believe the data was the target of this theft,”
[Comfyllama] Another standard response meant to minimize the impact of this breach.
"the company has received no evidence of identity theft as a result of the incident"
The Home Depot is offering affected employees a free year of credit monitoring.
Commentary:
This is another disappointing breach. Another stolen laptop. Another company that did not properly secure data. Another attempt to minimize the situation. Another set of new victims.
The Home Depot failed in the protection of confidential personal information. Encrypting laptops is not a new concept, and companies must be proactive in the application of adequate security controls. Password protection is never an adequate control by itself.
Who do you think is responsible for this breach? The thief? The Home Depot?
Past Breaches:
Unknown

10/16/07
Organization:
The Home Depot
Contractor/Consultant/Branch:
None
Victims:
The Home Depot employees
Number Affected:
10,000
Types of Data:
Name, home address, and Social Security number
Breach Description:
A laptop computer was stolen from the car of a Home Depot regional manager that contained sensitive personal information belonging to 10,000 Home Depot employees.
Reference URL:
Network World
The Boston Channel Report
Report Credit:
TheBostonChannel.com
Response:
From the online resources cited above:
"Home Depot on Wednesday confirmed a company laptop was stolen that contains personal information about approximately 10,000 employees of the do-it-yourself retailing giant."
"Several weeks ago, a Home Depot human-resources representative in Massachusetts took a laptop computer home to do some additional work and had the PC stolen from his vehicle parked in front of his house, according to a company official."
"The notebook stored personal information, including names, addresses and Social Security numbers of roughly 10,000 employees"
"The data was not encrypted, but the system was password protected,"
[Comfyllama] Here we are again. This is the second stolen laptop breach reported on The Breach Blog today. This is also the second time that we have seen the "password protected" response. Big deal! Password protection means nothing in terms of protection from anyone with simple skills. I am disappointed.
“We have no reason to believe the data was the target of this theft,”
[Comfyllama] Another standard response meant to minimize the impact of this breach.
"the company has received no evidence of identity theft as a result of the incident"
The Home Depot is offering affected employees a free year of credit monitoring.
Commentary:
This is another disappointing breach. Another stolen laptop. Another company that did not properly secure data. Another attempt to minimize the situation. Another set of new victims.
The Home Depot failed in the protection of confidential personal information. Encrypting laptops is not a new concept, and companies must be proactive in the application of adequate security controls. Password protection is never an adequate control by itself.
Who do you think is responsible for this breach? The thief? The Home Depot?
Past Breaches:
Unknown
The official New Hampshire breach notification and letter to affected individuals can be found here:
http://doj.nh.gov/consumer/pdf/home_depot3.pdf
Interesting read.
Reply to this