Thursday, September 28, 2006

GE Stolen Laptop Exposes 50,000

Adding to this year's list of offenders, General
Electric corporation is the latest to have a
"stolen" laptop containing highly confidential
consumer data of their current and former
employees.


this is an audio post - click to play

With this exposure, resulting from the theft of
an employee's laptop from a locked hotel room, GE
was forced to notify an estimated 50,000 employees
last week in a letter their personal information
has been compromised.

Even though a GE company spokesman indicated he
believed the theft was simply a random criminal act,
they are offering a year's worth of free identity
theft monitoring to those negatively impacted.

Here's why.

General Electric, with diverse lines of business, is
also one of the leading providers of consumer credit
services through their GE Consumer Finance group.

GE Finance holds many retail clients who actually
open up the credit accounts with consumer. Here's
just a small sampling of their credit clients:

  • Home Depot
  • Mervyns
  • Lowes
  • Sam's Club
  • Walmart


According to an excerpt from the company's fraud
policy website, they offer tips they themselves
evidently do not take seriously:

"..is committed to helping consumers protect
themselves against identity theft and fraud"


"Will not ask for financial or personal information,
such as user names, passwords, credit card numbers,
social security or bank account numbers, via e-mail"


The data contained on the stolen laptop included
that highly sought by identity thieves for the
ability to quickly open up new credit and
wireless
accounts:


  1. Names
  2. social Security Numbers (ssn)


Once again, an unsecured laptop in a publicly
accessible area - containing unencrypted and
highly confidential consumer data was stolen
due to an errant employee.

According to the GE spokeman the data was
"being used in a project".

What possibly would an employee need the
names and social security numbers of 50,000
people for a project that he had to work on using
a portable laptop with unencrypted data in a
hotel room?


Well, according to General Electric they have
"strict policies in place for laptop and data
security". Evidently those strict policies
do not cover encrypting sensitive
consumer
data transported outside
the company premises.


GE did not disclose what hotel nor even the
city the identity theft occurred.

Given, the average time needed by an identity
theft victims to repair the damage is 330
hours (14 days) most of which you can believe
will be away from work, it's prudent to pull
out all stops to prevent this type of fraud
from happening to you.

So, our tip for today is if you or anyone you
know is a GE employee both past and present,
have them contact their employee benefits
coordinator immediately for more information.

Make sure to get the details for how you can
qualify for the year's worth of "free"
credit monitoring services.

9 Comments:

At 3:52 PM, Anonymous Mila said...

Every company claims that they take all possible measures to secure their customers' and employee data, but there have been far too many security breaches lately for this to be true.

The fact that this information was left unencrypted ON A PORTABLE MACHINE is completely unacceptable. Not only does GE need to refine their risk policies (if they even have any at this time), and work on employee education... And of course security software such as Remote Laptop Security needs to be installed ASAP.

As a consumer, I'll know to be aware of the way GE handles data in the future.

 
At 10:35 PM, Blogger agent99 said...

One would think by now with all of the coverage this year in the press and in this blog of the high profile and repeated "lost" laptops containing unencrypted, confidential consumer data - that somewhere in America a company CEO would simply mandate this mistake from ever happening.

PGP or any other decent encryption software can be readily acquired for a lot less money than a potential class action suit one of these mass identity thefts resulting from the employee breaking the company security policy announcements.

With federal laws such as FACTA and GLB just to name a couple, there's more than enough punitive economic incentive to adhere to enforcing a better standard of "data security".

What do you think is missing, then?

 
At 8:54 PM, Anonymous Anonymous said...

What's missing?

Laws without agents to enforce them are meaningless.

We need more identity theft cops.

 
At 3:10 PM, Anonymous mila said...

Proper enforcement is lacking. Too many people have the "it won't happen to me" attitude, or maybe laptop security isn't a top priority for these companies. Whatever the case may be, there need to be strict laws imposed on companies (rather than just "guidelines") that outline required security measures and consequences if they are not properly implemented.

 
At 1:40 PM, Anonymous Anonymous said...

Even something like the laptop lock - http://www.thelaptoplock.com , which is a free solution would protect people from some of the problems. Jeez, it's free, just use it, I am sure there are other similar software if they do not like this particular one.

 
At 4:27 AM, Anonymous Anonymous said...

I was just notified that a laptop computer was stolen from a Home Depot manager's home containing social securtity numbers of 5600 employees. Why are companies using laptops at all?

The employees were offered 1 year of credit monitoring protection but what if the information stolen is used for identity theft in 5 years? What protection is there then?

 
At 10:15 PM, Blogger jeremy said...

Really it's a nice submission. i am totally agreed with the scheme of laptop. Every company claims that they take all possible measures to secure their customers and employee data, but there have been far too many security breaches lately for this to be true. Keep it updated.

Jeremy
Laptop Computers

 
At 1:58 AM, Anonymous cheap computers said...

I guess whatever the case may be, there need to be strict laws imposed on companies (rather than just "guidelines") that outline required security measures and consequences if they are not properly implemented.

 
At 2:25 PM, Anonymous plantronics headset said...

Outstanding article, I think GE did steal it and needs to give it back.

 

Post a Comment

Links to this post:

Create a Link

<< Home