MCI employee data stolen in laptop theft

May 23, 2005

By Robert McMillan, IDG News Service

http://www.infoworld.com/article/05/05/23/HNmcidatastolen_1.html?APPLICATION%20SECURITY



MCI is evaluating new corporate security technologies following the theft of a notebook computer containing personal information on about 16,500 current and former employees, the company said Monday.

The missing data include names and social security numbers stored on a laptop that was stolen last month from a car parked in the home garage of an MCI (Profile, Products, Articles) financial analyst, said Linda Laughlin, an MCI spokeswoman. The MCI employee, whom Laughlin declined to identify, was authorized to have the data on her laptop where she was using it to analyze financial trends for the company, she said.

Though MCI is now investigating the "policies, procedures and circumstances surrounding the theft," the company does not believe that the analyst violated MCI policy, Laughlin said. MCI uses encryption technology to protect its corporate data, but the company is now in the process of evaluating new security technologies, including stronger encryption software. "What we'll do is we'll go and enhance some of the tools that employees can use on their laptops," Laughlin said.

One tool that may help out MCI employees is a car key.

Colorado Springs Police Department investigators found no signs of damage to either the car or the garage where it was parked, leading them to assume that the car in question was not locked at the time of the theft, said Lieutenant Rafael Cintron, a public information officer with the department.

MCI's Laughlin could not say whether leaving this data in an unlocked car would violate company policy.

Either way, retrieving the missing laptop, which was reported stolen April 5 in Colorado Springs, Colorado, may prove difficult.

Colorado Springs officers are in the process of contacting local pawnshops to see if it has been sold, but investigators have few leads in the case. "There was no damage to the vehicle, no witnesses, so there's not much to go on," Cintron said.

MCI has sent out notification letters to the people whose personal information was compromised by the theft, but has seen no evidence that anyone has attempted to illegally use this information, Laughlin said.

The stolen laptop was password protected, but Laughlin would not say whether or not the Excel spreadsheet files that contained the sensitive data were themselves encrypted.

The MCI theft is just the latest in a series of high-profile mishaps in which companies have lost large quantities of personal information. Earlier this month, Time Warner Inc. lost 40 backup tapes containing data on 600,000 current and former employees. And ID thieves have gained access to data on hundreds of thousands of people following computer break-ins at ChoicePoint Inc. and Reed Elsevier Group PLC's LexisNexis Group.

[an error occurred while processing this directive]