Tuesday, November 22, 2005

Boeing loses notebook PC

Not a lot of news coverage about this - maybe people are getting used to it? - but Boeing had a notebook PC stolen from an HR person. On the PC was the personal data of some 161,000 current and former Boeing employees including names, addresses, social security numbers, banks, routing numbers for the banks, and bank accounts. The saving grace is that the information was password protected (no word on what sort of encryption). Boeing is providing current employees with info on credit checks and offering to pay for credit alerts (the very least that they can do and an appropriate response, IMO). One person in the article asks the obvious question: why was this person carrying around so much data in the first place? Why wasn't the data maintained on a secure server on the network and accessed when needed?

I don't want to drag on Boeing too much because their response has been about as good as can be expected, short of preventing this from happening in the first place. And the event appears to have occurred off site, which begs the above questions even more. Still, having wandered around Boeing plants now for several weeks, I can honestly say that I'm not surprised by security breaches there. Now, if the information does fall into the wrong hands, wouldn't it be nice if there were some sort of civil recourse for citizens who had their data compromised?

From the story in the Seattle Times (linked above):

Highly sensitive personal data on 161,000 current and former Boeing workers are missing after the theft of a company personal computer.

The data included "names and Social Security numbers, and in some cases birth dates and banking information," according to a Boeing statement released Friday afternoon.

The news incensed workers who were notified by the company.

"It's absolutely ridiculous if that kind of information is on a personal computer," said Rob Hall, a mechanic in the Integrated Defense Systems division at Boeing Field.

The banking information included names of banks, routing numbers and account numbers for some workers who had elected to have their paychecks directly deposited into their accounts, according to Tim Neale, a Boeing spokesman.

No credit-card numbers were on the computer.

The information was password protected, Neale said. "It was locked and thus not easy to access the information."

No follow-up story has yet been published in the Seattle Times, though they did a good job reporting this story to begin with.

Not to rag too much on the Seattle Times, but they printed this story last week on the so-called bird flu pandemic possibility and once again forgot to mention that the reason that the Tamiflu the Bush administration ordered will not be ready until 2007 is because they ordered it late - behind 40 other countries, mostly European countries. That's right, the Bush administration dropped the ball on ordering and preparing it's stockpiles of the only drug thought to work against the flu strain. They had plenty of warning, too, from the UN about it. The Europeans took notice and the Bush administration did not and, apparently, neither does the news media which continues to allow the administration to guide this story without reporting the fact that they dropped the ball in the first place.

I've written to the Seattle Times about this sort of thing on this particular issue and one other (global warming). This story, like others mentioned, was not originated by the Seattle Times, but was published in their paper. It neglects to mention the previous information that was available in the Seattle Times. I chalk that up to poor editing, though they would probably defend it by A) saying their resources were stretched too thinly, B) that they are highly compartmentalized and therefore not every editor has the opportunity to familiarize themselves with every story, and C) they didn't write the news; they only print it.

No comments: