Armstrong World Industries informed workers last week that a thief had stolen a laptop computer containing personal information on about 12,000 current and former employees.
A company memo sent July 20 from Armstrong's Lancaster headquarters said the stolen laptop had been in the possession of an employee of Deloitte & Touche LLP, a firm that conducts regular internal audits for Armstrong.
F. Nicholas Grasberger III, Armstrong senior vice president and chief financial officer, said the personal information on the stolen laptop contained names, home addresses, phone numbers, Social Security numbers, employee identification numbers, annual salary/hourly wage data and the bank account numbers of employees who have their checks directly deposited.
"We sincerely apologize for the incident and its associated risk," Grasberger's two-page memo stated.
"Deloitte & Touche has assured Armstrong that it has established additional safeguards to better secure personal information."
Grasberger said the laptop was stolen from a locked vehicle belonging to a Deloitte & Touche employee. He did not elaborate on whether anything else was taken from the car.
Armstrong did not immediately return phone calls Monday. A Deloitte & Touche spokeswoman in New York declined to comment.
In the company memo obtained by the Intelligencer Journal, Armstrong said a police report was filed, but the laptop had not been recovered.
The company said the file containing the personal information is password-protected but not encrypted, which would provide a higher level of security.
The Armstrong incident is the latest in a string of reports of stolen laptop computers that contain sensitive and personal information of university students, government workers, businesses employees and the U.S. military.
In May, a thief ripped off a U.S. Department of Veterans Affairs laptop that held personal information of 26.5 million veterans and military personnel. That computer was recovered.
Last month, a laptop containing personal data of 13,000 District of Columbia workers and retirees was stolen from the home of an employee of ING U.S. Financial Services.
The rash of such incidents could be a boon to John Livingston, president and chief Executive of Absolute Software Corp. The Canadian company developed LoJack for Laptops and Computrace, technology that traces laptops stolen from individuals and companies.
"A laptop is stolen every 53 seconds, and 97 percent are never recovered," Livingston said Monday during a phone interview from Vancouver, British Columbia.
Top manufacturers such as Gateway, Dell, HP and IBM/Lenovo last year began embedding the software into all their laptop models, Livingston said.
"We invented this 10 years ago and have been working hard for the last five years to get the manufacturers on board. It's incidents like the one at Armstrong that convince companies to activate the software available to them," Livingston said.
Absolute Software's eight-man recovery team, made up of former law enforcement officers, recovers about 100 laptops per month in North America.
Armstrong said it's not aware of any unauthorized access or misuse of its associate's personal information. While the laptop contained individual bank numbers, the bank's names were not included.
Affected employees were told to take precautions to protect against identity theft. Armstrong suggested employees contact a national credit reporting agency and request that a 90-day temporary fraud alert be placed on credit files.