[Dataloss] FW: Former Employee Found to Have Disclosed Confidential Data

Bean, Michael (NM75) michael.bean at honeywell.com
Wed Feb 1 11:04:29 EST 2006


Not sure if this has made the dataloss list yet...
 
Thought it was timely.

  _____  

From: Parlato LeDonne, Lisa 
Sent: Tuesday, January 31, 2006 3:02 PM
Subject: Former Employee Found to Have Disclosed Confidential Data



Dear Colleague:

 

During the past week, Honeywell has been responding to the unexpected and
unauthorized disclosure of personal data from 2003 for 19,000 current and
former employees on a third-party Website. Among the data that appeared on
this Website were employee names, Social Security numbers and bank account
information from that year. All affected individuals have already been
contacted by John McClurg, Vice President of Global Security, Business
Assurance and Risk Management, but I wanted to provide this update to all
U.S. employees so everyone can learn what happened and how we have
responded. There are three important points I want everyone to understand:

 

1. Honeywell moved very quickly to have this information removed from the
Internet and to investigate what happened. Upon learning about the site, we
immediately contacted the Internet service provider and had the page
removed, and we continue to monitor the Internet to ensure that the Webpage
and any copies of it remain taken down. Through the work of our
investigators, we have determined who we believe is responsible for the
disclosure. I am pleased to announce that yesterday we filed a civil lawsuit
in U.S. District Court in Arizona against a terminated employee. We received
an order from the court that will prevent this individual from making any
further disclosures and will allow Honeywell to recover any company
information in his possession. We also are continuing to cooperate with an
ongoing criminal investigation with the FBI.

 

2. The company communicated with affected individuals as quickly as
possible. Of the 19,000 individuals who were affected, more than 11,000 have
active e-mail addresses on Honeywell's system. Within one business day of
when we learned about the Website, John McClurg sent updates on the
situation to these individuals as well as a first-class letter to those
affected for whom we did not have e-mail addresses. Yesterday, John sent
another update - his third within the past week - to the active e-mail
addresses, and by now, we have sent first-class letters to the homes of all
19,000 affected individuals. If you neither received an e-mail nor a
first-class letter from John, you are not among those who were affected.
Watch the Inside Honeywell Intranet home page for further updates.

 

3. The company is taking steps to protect those who were affected. Honeywell
takes the protection of its employees' and former employees' data very
seriously. That's why we are making credit monitoring and identity theft
insurance available to affected individuals free of charge over the next 12
months. Please note that only current and former employees whose data was
posted on the site are eligible for these services. We know you'll join us
in respecting the need to ensure this help is reserved for those whose data
was disclosed.

 

Our One Stop call center has been working busily to answer employee
questions while keeping wait times to a minimum. If you have a question that
needs to be answered right away, call One Stop at 1-877-258-3699 (select 2
for Payroll Services) between 8 a.m. and 6 p.m. EST, Monday through Friday.
If your question can wait, please hold off for a few days, or e-mail One
Stop at payrollcustomerservice at es.honeywell.com - they are responding to
e-mails within 24 hours.

 

While we have made progress in addressing this situation, everybody involved
is mindful that much remains to be done. We regret the inconvenience for
those whose data was disclosed.

 



Lisa Parlato LeDonne

Chief Privacy Officer

Chief Labor & Employment Counsel

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://attrition.org/pipermail/dataloss/attachments/20060201/c2d1325e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1761 bytes
Desc: not available
Url : http://attrition.org/pipermail/dataloss/attachments/20060201/c2d1325e/attachment.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4183 bytes
Desc: not available
Url : http://attrition.org/pipermail/dataloss/attachments/20060201/c2d1325e/attachment.bin 


More information about the Dataloss mailing list