Laptop stolen from a Kraft Foods traveling employee
Date Reported:
3/3/08
Organization:
Kraft Foods
Contractor/Consultant/Branch:
None
Victims:
Employees
Number Affected:
20,000
Types of Data:
“It contained the names and may have contained Social Security numbers,” - Kraft Foods spokeswoman Cathy Pernu
Breach Description:
A company-owned laptop that may have contained sensitive personal information belonging to employees of the company was stolen from a traveling Kraft Foods employee.
Reference URL:
Quad-City Times online story
Report Credit:
Doug Schorpp, Quad-City Times with a special thanks to Attrition.org
Response:
From the online source cited above:
A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business.
And now 20,000 employees nationwide have received letters telling them that their personal information was stored on the missing laptop and they could be vulnerable to some type of identity theft.
Kraft Foods spokeswoman Cathy Pernu said the theft took place in mid-January and involved an employee who was working on a systems project. “It had migrating information that was transferring from one computer to another.”
[Evan] I can certainly think of more secure methods of transferring confidential information from one computer to another. What other controls were in place to prevent disclosure?
She did not say where the theft took place.
“It contained the names and may have contained Social Security numbers,” Pernu said.
Kraft does not believe anybody has obtained or used any information from anyone whose name was on the hard drive.
“We have contacted people whose names were on the computer, by letter, offering as a precaution, free credit monitoring ... to help guard against improper use of personal information. It is a two-year program,”
[Evan] Two years is better than the semi-standard one, but still not a cure. Monitoring is after the fact too.
Only those who were potentially affected and received letters are being offered the credit monitoring program through TransUnion.
[Evan] Something seems wrong to me with credit bureaus offering other credit monitoring. Shouldn't this be free? I don't understand making money off of the information that doesn't belong to them without my explicit permission. Collect it, sell it, and offer to protect it for me if I (I pay in the end) pay a fee.
Interesting Comment on the Quad-City Times Story:
donjuan463
I can't think of any reason why a large corporation, or any employer for that matter, would have a need to be hopping around the country with employees' personal information. What kind of security is that? How would they like it?
Posted on: Mar 3, 2008 9:15 PM
Commentary:
The information surrounding this breach is very limited. There is no mention as to whether or not traveling around the country with personal information on a poorly protected laptop goes against Kraft policy. Kraft is a large, well-known company with adequate financial resources available to provide better protection than this.
Maybe the laptop was encrypted. If there is no mention of it, I usually assume that it was not.
Past Breaches:
September, 2007 - Was the Kraft tape lost or did we really destroy it?

As of mid-January I was by law known as "a victim of identity theft" and a little over 1500.00 was charged to my bank account overnight. I was a Kraft employee five months prior.... Coincidence...