Offers of free bank transaction monitoring and insurance against identity theft have been made to 19,000 former and current employees at Honeywell International after their Social Security numbers and bank account details were posted on the Internet.
Honeywell International, the industrial and aerospace conglomerate, has offered 19,000 of its former and current employees one year of free bank account monitoring and insurance against identity theft after personal information was leaked from the company. The company currently has 120,000 employees.
The company informed those affected by the data breach one day after it learned of the leak (Jan. 20, 2006), a representative of Honeywell International said.
The company immediately addressed the Internet provider with a request to remove the offending page containing the employees' private data. The information was indeed taken down, but there is no guarantee that copies have not been made elsewhere on the Internet.
The company is working with federal and state investigators to determine who posted the data. A Honeywell spokesman said he didn't know whether the posting was the work of a disgruntled employee or resulted from an administrative error or other cause.
A security officer at Honeywell International stated that the company was aware just how damaging the leak could be and that those affected would be provided with the relevant resources and information to protect themselves, including insurance against identity theft.
Confidential information regularly finds its way on to the Internet, either leaked deliberately or by mistake. In January highly sensitive information belonging to contractors working with the U.S. government was freely available to the users of a General Services Administration Web site. The information could have been used to win tenders and conclude deals worth millions of dollars.
“Regardless of whether the incident was the result of negligence or sabotage, the confidential information should never have ended up on the Internet. It took place at Honeywell International because there was no integrated system of IT security to control the movement of sensitive data within the company. It means there was nothing to prevent insider attacks. Of course, instead of creating extra problems for their employees and trying to minimize the risks through free monitoring and insurance, the company should have thought about managing its own risks. It would have been much cheaper and much more effective," points out Denis Zenkin, marketing director at InfoWatch.
Source: Herald-Sun