An Electronic Data Systems employee has lost a laptop containing an unspecified amount of private data on former and current Royal Ahold workers. The computer was checked into the cargo hold on a flight from Philadelphia, but failed to reappear in Boston. EDS has stated that their security policy prohibits their laptops from being checked in as baggage on flights, but in the opinion of experts at InfoWatch it would have been much easier to simply encrypt the data.
Grocery retailer Royal Ahold NV has lost personal information on an unknown number of former and retired employees at its Giant Food, Stop & Shop and Tops chains, The Washington Post reported last week.
The lost data included names, Social Security numbers, birth dates and benefit amounts. It was on a laptop lost on May 2 by an employee of Electronic Data Systems (EDS), which is responsible for Royal Ahold’s data.
Royal Ahold has already sent out letters notifying their employees about the incident. The company has also recommended that workers alert credit bureaus and said it will pay for one year of credit monitoring. Reports said that the lost laptop was only password-protected and that the data on it was not encrypted. EDS apparently has no such policy of protecting private data on its portable computers or storage devices.
The employee who was responsible for the data breach was traveling between Philadelphia and Boston on a commercial flight. She was asked to store her laptop in a cargo area with other checked luggage because the overhead bins were full. By doing so she violated EDS rules, which prohibit the checking in of laptops. On arrival the computer was not among the luggage and it is now believed to have been stolen.
“I think a rule that prohibits the checking-in of laptops with luggage is clearly not enough to protect private and confidential data. This issue can only be resolved by encryption. No password or administrative restrictions will help protect data from a criminal who simply snatches a laptop from a company employee. A number of laptop owners have even ended up in hospital after such attacks,” says Denis Zenkin, marketing director at InfoWatch.
Source: Washington Post