Honeywell Investigates Security Breach

January 31, 2006

Associated Press

Honeywell International is offering credit monitoring and identity theft insurance to approximately 19,000 current and former employees whose personal information . including Social Security numbers and bank account information . was posted on an Internet Web site.

The company notified employees about the breach within a day of learning of it on Jan. 20, according to spokesman Robert C. Ferris.

"The company immediately contacted the relevant service provider, had the page removed from the Internet and is continuously monitoring the Internet to ensure that the Web page and any copies of it remain taken down," said Ferris.

He said the company was working with federal and state investigators to determine who posted the data. Ferris said he didn't know whether the posting was the work of a disgruntled employee or resulted from an administrative error or other cause.

"Honeywell will aggressively pursue those responsible for this breach," Ferris said.

In a Jan. 24 letter to employees, the company's vice president of global security, John E. McClurg, said the Identity Theft and Fraud Division of insurer AIG would help them protect themselves.

"They will provide you with a tool kit of resources and hands-on support to address any issues you encounter," he said.

The Morristown-based industrial and aerospace conglomerate employs about 120,000 people worldwide.

Incidents like the Honeywell security breach are on the rise as thieves and pranksters take aim at corporate America, according to Ron Teixeira, executive director of the National Cyber Security Alliance, a Washington, D.C.-based nonprofit dedicated to educating individuals and corporations about cyber safety.

"There are a number of reasons why this could have happened. When it's put out on the Web, hackers do that to show they could get access to the information and show the company their security was lacking. Other times, hackers are actually thieves or try to sell the information to thieves to commit ID theft.

"Any time your info is posted on a Web site, you never know who's using it and what they're using it for," said Teixeira.

[an error occurred while processing this directive]