Semtech has notified its U.S. employees of a potential breach of their personal data.
The Camarillo-based chipmaker said a laptop computer and other personal belongings were stolen from one of its vendors. The computer was not stolen from a Semtech facility, but "may have contained computerized data relating to Semtech employees."
Semtech notified all of its U.S. employees in late September, although the company declined to say how many of its 690 employees are based in the United States. The firm also declined to name the vendor from whom the computer was stolen.
The vendor that lost the laptop will pay for identity-theft protection services for all of Semtech.s employees for one year.
Semtech declined to provide further details of the incident, such as what personal employee data may have been put at risk, when the theft happened or how long it took the company to inform its workers of the potential breach.
California state law requires companies that suffer theft of personal data, such as Social Security numbers, to inform those potentially affected in "the most expedient time possible and without unreasonable delay."
News of a potential data leak is the lone dark spot on Semtech's otherwise strong performance during the past two months.
Benefiting from growing investor confidence in a new batch of executives and traditional strong seasonal buying patterns in semiconductors, the company's shares gained more than $4.50, or 28 percent, between the beginning of August and the beginning of October. Semtech employees will be offered identity theft protection services from an Arizona-based firm called LifeLock.
LifeLock sets fraud alerts on customers' credit profiles with the three major U.S. credit reporting bureaus, scrubs customers' names from junk mail lists and sends customers their free credit reports. Customers can monitor those reports for unauthorized activity, such as a new credit card account established falsely.
Stolen-laptop data breaches have grabbed headlines in recent weeks. Apparel retailer Gap on Sept. 28 said a laptop computer containing the Social Security numbers of about 800,000 people who applied for jobs at the company's stores between July 2006 and June was stolen from one of its vendors.
Robert Siciliano, CEO of IDTheftSecurity.com, said that Semtech is likely doing everything it could and should in the wake of potentially stolen employee data.
If Semtech quickly notified its workers of a possible breach and ensured access to identity theft protection services, Siciliano said, then the Camarillo company took "a strong approach to preventing identity from occurring. It's unfortunate that it has to be reactive, but that's just the way things go when this happens."
Siciliano said there is little Semtech could have done to prevent the incident.
"Unfortunately, breaches like this are going to continue unabated," Siciliano said. "The information on the laptop computer may not have been the goal of the thieves, but ultimately the damage has been done." Beth Givens, the director of Privacy Rights Clearinghouse, a San Diego-based consumer advocacy group, said any future legal action against either Semtech or the vendor from whom the data was stolen would depend on whether any Semtech employees are actually defrauded by identity thieves.
"Realistically speaking, if somebody wants to sue, they would need to show that they've been harmed," Givens said. "There's a potential harm here ... but that wouldn.t translate into actual harm in a lawsuit."