Laptop stolen from Cross Country Staffing employee
Technorati Tag: Security Breach
Date Reported:
2/8/08
Organization:
Cross Country Staffing
Contractor/Consultant/Branch:
None
Victims:
Employees
Number Affected:
Unknown*
*According to the breach notification "Approximately 45 New Hampshire residents were affected by this incident"
Types of Data:
Names, Social Security numbers, and addresses.
Breach Description:
A laptop was stolen from the car of an employee working for Cross Country Staffing on February 1st, 2008. The laptop contained sensitive personal information belonging to employees of the company.
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
we write to inform you of an information security breach concerning our employees' personal data
On February 1, 2008, a laptop computer was stolen from a corporate employee's car.
[Evan] An unencrypted and unattended laptop containing personal information is a recipe for disaster
The computer contained confidential information about some Cross Country employees, including their names, Social Security numbers and addresses
The stolen computer was password protected, but not encrypted
[Evan] Ugh! There really isn't any excuse for not encrypting laptops that have confidential information on them.
Our corporate employee immediately reported the incident to the local police
We have no evidence that the information stored on the laptop has been accessed or misused
[Evan] The incident happened on February 1 and the letter to the New Hampshire Attorney General is dated February 8. I am not surprised that that there is no evidence that the information had been accessed as it has only been a week. Kudos to Cross Country Staffing for the quick response however.
we are notifying all affected individuals of the possible information security breach via written letter to each affected individual through first class mail, postage prepaid. Mailing will begin on February 8, 2008
We deeply regret this incident
We are reviewing our current policies and procedures with respect to such information and are committed to fully protecting all of the information that is entrusted to us
[Evan] How about not allowing confidential information on laptops and other mobile media or at the very least enforce encryption?
If you have any additional questions about this incident, please contact us tollfree at the following helpline number: 866-372-334
Commentary:
Cross Country Staffing did a fine job by informing affected employees within a week. There was no mention of what controls are in place to prevent a similar breach from occurring again, or what specifically they plan to change. If nothing changes, it will only be a matter of time before it happens again.
ENCRYPT confidential data at rest on mobile devices (with pre-boot authentication and secure key management).
Affected persons are being offered a complimentary 12-month credit monitoring product subscription for what its worth.
Other Cross Country Staffing brands (it is unknown if any are affected):
Past Breaches:
Unknown
Date Reported:2/8/08
Organization:
Cross Country Staffing
Contractor/Consultant/Branch:
None
Victims:
Employees
Number Affected:
Unknown*
*According to the breach notification "Approximately 45 New Hampshire residents were affected by this incident"
Types of Data:
Names, Social Security numbers, and addresses.
Breach Description:
A laptop was stolen from the car of an employee working for Cross Country Staffing on February 1st, 2008. The laptop contained sensitive personal information belonging to employees of the company.
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
we write to inform you of an information security breach concerning our employees' personal data
On February 1, 2008, a laptop computer was stolen from a corporate employee's car.
[Evan] An unencrypted and unattended laptop containing personal information is a recipe for disaster
The computer contained confidential information about some Cross Country employees, including their names, Social Security numbers and addresses
The stolen computer was password protected, but not encrypted
[Evan] Ugh! There really isn't any excuse for not encrypting laptops that have confidential information on them.
Our corporate employee immediately reported the incident to the local police
We have no evidence that the information stored on the laptop has been accessed or misused
[Evan] The incident happened on February 1 and the letter to the New Hampshire Attorney General is dated February 8. I am not surprised that that there is no evidence that the information had been accessed as it has only been a week. Kudos to Cross Country Staffing for the quick response however.
we are notifying all affected individuals of the possible information security breach via written letter to each affected individual through first class mail, postage prepaid. Mailing will begin on February 8, 2008
We deeply regret this incident
We are reviewing our current policies and procedures with respect to such information and are committed to fully protecting all of the information that is entrusted to us
[Evan] How about not allowing confidential information on laptops and other mobile media or at the very least enforce encryption?
If you have any additional questions about this incident, please contact us tollfree at the following helpline number: 866-372-334
Commentary:
Cross Country Staffing did a fine job by informing affected employees within a week. There was no mention of what controls are in place to prevent a similar breach from occurring again, or what specifically they plan to change. If nothing changes, it will only be a matter of time before it happens again.
ENCRYPT confidential data at rest on mobile devices (with pre-boot authentication and secure key management).
Affected persons are being offered a complimentary 12-month credit monitoring product subscription for what its worth.
Other Cross Country Staffing brands (it is unknown if any are affected):
Past Breaches:
Unknown
Posts Atom 1.0
Comments