Wow, that is very unfortunate. Two years of credit reporting doesn't help much when their SSNs never expire and can be harvested by underground id theft websites for years to come. These victims need to watch their accounts, use credit freezes, or purchase credit monitoring on their own after year 2 and for the next 20-50 years!
Deloitte should be using sensitive data discovery software to ensure employees aren't copying data to discs and leaving them in seat pockets. Is it really that hard to search a desktop for unprotected SSNs? Why doesn't every employee at a firm like that search their data themselves all the time? Then if they have to create a CD, it is created with encrypted data.
Auditor loses McAfee employee data
Summary
An external auditor misplaces a CD with details of thousands of workers, putting them at risk of identity fraud.
Topics
An external auditor lost a CD with information on thousands of current and former McAfee employees, putting them at risk of identity fraud.
The disc was lost on Dec. 15 by Deloitte & Touche USA, McAfee spokeswoman Siobhan MacDermott said Thursday. The Santa Clara, Calif.-based security software company was first notified on Jan. 11, and on Jan. 30, it received particulars of the data that may have been on the CD, MacDermott said.
The disc contained personal details on all current U.S. and Canadian McAfee workers hired prior to April 2005 and on about 6,000 former employees in the same region, MacDermott said. (The security company currently has approximately 3,290 employees worldwide.) The information wasn't encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee.
"We notified our current and former employees last week and the week before," MacDermott said. "We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit monitoring services."
Deloitte & Touche confirmed the incident. "A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket," a representative for the professional services firm said. "We are not aware of any unauthorized access to this data in the two months since the CD was lost."
The McAfee incident is the latest in a string of data security breaches. In the last 12 months, more than 53 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax. Similar arrangements are being made with a credit monitoring provider for Canadian employees, MacDermott said.
Deloitte & Touche USA is a multibillion-dollar professional services firm that provides audit, tax, consulting and financial services.
Talkback Most Recent of 1 Talkback(s)
-
flyhunt689th Mar
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
