Identity theft protection work related.

[Notmuchlonger]

DW received a letter from her employer today. To sum it up. A computer repair shop received a laptop that needed repair. This computer had ssn numbers and various other information from my DW's work. They contacted DW employer regarding this information. DW was one of thousands who ssn and various other information that was on this laptop. According to DW employers "computer techs" This harddrive has not been accessed since 2007 other than this computer repair company. It was lost or stolen. We dont have all the information yet.

Anywhoo the company is offering free credit monitoring for a year and a hotline to address any concerns. What frosts my cookies a smidge. Why are company people allowed to even take home a computer with this information on it without the proper security?

We checked DW credit and it is fine. I guess we will take them up on the free year monitoring. Makes me wonder what kind of system they run with laptop security.

[jebmke]

Quote:

Originally Posted by Notmuchlonger DW received a letter from her employer today. To sum it up. A computer repair shop received a laptop that needed repair. This computer had ssn numbers and various other information from my DW's work. They contacted DW employer regarding this information. DW was one of thousands who ssn and various other information that was on this laptop. According to DW employers "computer techs" This harddrive has not been accessed since 2007 other than this computer repair company. It was lost or stolen. We dont have all the information yet. Anywhoo the company is offering free credit monitoring for a year and a hotline to address any concerns. What frosts my cookies a smidge. Why are company people allowed to even take home a computer with this information on it without the proper security? We checked DW credit and it is fine. I guess we will take them up on the free year monitoring. Makes me wonder what kind of system they run with laptop security.

It is pretty amazing how sloppy some organizations are. Especially how easy (and free!) it is to maintain all data in an encrypted drive.

[LOL!]

Well, this is the one time you found out about it. How many times has your SSN and all your identifying information been let loose on the world that you don't even know about?

Just because you don't know, doesn't mean it hasn't happened multiple times.

[Notmuchlonger]

Quote:

Originally Posted by jebmke It is pretty amazing how sloppy some organizations are. Especially how easy (and free!) it is to maintain all data in an encrypted drive.

Exactly sloppy. This is an health care organization. It makes me wonder how secure their patient records is.

[Ed_The_Gypsy]

The standing procedure is to provide an illusion of security to maintain people's confidence. Very few organizations--especially the government (any level)--actually have effective security. Too many morons in management.

[Telly]

Many years ago, I accrued a little pension. The company has been sold, resold, sold, and absorbed. The company that holds my little pension now is a Megacorp that I have never worked for.

I got a letter from that Megacorp stating that all my info was on a HR person's laptop, that was stolen from their parked car. The employee had violated company policy about no data to be removed from company premises.

They gave me years of free credit monitoring through Experian.

Megacorp also set up a company website with Q & A's and feedback from employees. The feedback was brutal. Seems that this was not the first time this had happened...

Megacorp decided to go on a crash program to encript ALL megacorp hard drives. Besides instituting more intensive training (I would just beat all HR people with a stick). They also kept up status on the investigation. Eventually, the laptop was recovered, and they used the usual phrase "we have no reason to believe that any personal information was accessed or compromised".

And they canned the employee that violated all the rules.

So far, so good.

[Rustward]

Worked for an IT vendor for over a decade. Encountered several sites that disallowed any means of transporting any data in or out -- floppies, CD's DVD's (later), mini-harddrives and flashdrives. One unnamed place would not allow a mobile phone or even my old Casio Databank wristwatch -- had the check them with the receptionest, who smileingly returned them to me as I was leaving. A different place would empty the contents of my briefcase onto a table at exit and go through everything looking for "contraband". They tried to put it back like they found it. Just doing their jobs. But if I were trying to sneak data out on a flash drive I would have put it (the flashdrive) in my pocket or my shoe or the cuff of my pants or elsewhere. They didn't frisk us.

I kinda think they go through the motions, but in many places someone who is trusted and who has access to the data can get it to the outside.

[tryan]

It's not just computer media ... was talking about an old megacorp friend with a retired HR rep. So she wonders were he lives .... and whips out a 1/2 inch stack of paper. The entire company's personal list. SSN, names , addresses .... she took it home as a way to "keep in touch" with her old co-workers .... it's an address book to her.