[Dataloss] Honeywell Investigates Security Breach

Richard Forno rforno at infowarrior.org
Tue Jan 31 19:33:56 EST 2006 

(first post!!  -rf)

Honeywell Investigates Security Breach

http://news.yahoo.com/s/ap/20060201/ap_on_hi_te/honeywell_internet

MORRISTOWN, N.J. - Honeywell International is offering credit monitoring and
identity theft insurance to approximately 19,000 current and former
employees whose personal information ‹ including
Social Security numbers and bank account information ‹ was posted on an
Internet Web site.

The company notified employees about the breach within a day of learning of
it on Jan. 20, according to spokesman Robert C. Ferris.

"The company immediately contacted the relevant service provider, had the
page removed from the Internet and is continuously monitoring the Internet
to ensure that the Web page and any copies of it remain taken down," said
Ferris.

He said the company was working with federal and state investigators to
determine who posted the data. Ferris said he didn't know whether the
posting was the work of a disgruntled employee or resulted from an
administrative error or other cause.

"Honeywell will aggressively pursue those responsible for this breach,"
Ferris said.

In a Jan. 24 letter to employees, the company's vice president of global
security, John E. McClurg, said the Identity Theft and Fraud Division of
insurer AIG would help them protect themselves.

"They will provide you with a tool kit of resources and hands-on support to
address any issues you encounter," he said.

The Morristown-based industrial and aerospace conglomerate employs about
120,000 people worldwide.

Incidents like the Honeywell security breach are on the rise as thieves and
pranksters take aim at corporate America, according to Ron Teixeira,
executive director of the National Cyber Security Alliance, a Washington,
D.C.-based nonprofit dedicated to educating individuals and corporations
about cyber safety.

"There are a number of reasons why this could have happened. When it's put
out on the Web, hackers do that to show they could get access to the
information and show the company their security was lacking. Other times,
hackers are actually thieves or try to sell the information to thieves to
commit ID theft.

"Any time your info is posted on a Web site, you never know who's using it
and what they're using it for," said Teixeira.

More information about the Dataloss mailing list