Stolen Laptops Increase Risk of Identity Theft

Stolen laptops continue to be a main source of data breaches. Laptop computers are increasingly creating a liability risk with regards to identity theft for companies who allow employees or contractors to have personal and private information of others stored on their laptop and used outside of the work premises. Progress has been slow on this front as data is rarely encrypted on laptops, many are not password protected and if they are can easily be hacked and many companies still don’t have policies in place to deal with this issue. Of course, identity thieves still continue to break into businesses to steal laptops or other computers but usually in these situations there is no carelessness or negligence especially when the data is encrypted.

Here are some recent data breaches that highlight the theft of laptops containing personal information. By recognizing the issue and the extent of the problem it creates regarding identity theft we may be able to effectively deal with it and provide solutions.

MARYLAND DEPARTMENT OF THE ENVIRONMENT
Mid November, the Department of Information Technology (of Maryland) was informed of the loss of two laptop computers. These laptops were stored in secure offices and were stolen from the locations. Currently, the Department of General Services Police are investigating the theft.

One laptop is thought to contain the names and Social Security numbers of over 1300 past employees of the Maryland Department of Environment. Currently, the Department of Information Technology is hardening their policies to protect the organization from further damage to their security.

HEWLETT-PACKARD
In October of 2008, a laptop was stolen in Houston from an HP employee. It was believed initially that there was no personal data on the laptop, but after some research into back-up files, the company realized that the laptop contained information such as Social Security numbers of current and former employees. Since they were unsure of the information on the laptop, they did not notify authorities immediately as they did not know the private data was on the machine.

HP is notifying it’s employees, both past and present, to be aware of the security breach, even though it is understood that the laptop was password protected.

It is said that “several thousand” employees will be affected by this data breach. They are encouraged to keep a close eye on their credit information for any possible identity theft arising from this situation. You can do this by checking your credit report or signing up with a credit monitoring service.

OREGON HEALTH AND SCIENCE UNIVERSITY
While in Chicago, a hospital employee had a work laptop stolen from his hotel room.
Officials said that they are unsure what information is on the laptop, but can confirm that it did not include Social Security numbers or medical diagnoses or treatments. It is thought that about 900 patient names, telephone numbers, and birth dates may be on the laptop’s hard drive.

This information is password protected, so the hospital is not worried about the information being used for identity theft, but they are “taking all precautions and steps to protect those who may be affected”. It is unclear how.

So what do you do if your personal information was exposed by a stolen laptop?
First of all you have to assess the risk. What information was compromised? Was it password protected? Was it encrypted? In doing so review all company literature on the data breach but read it with a grain of salt. It is best to assess the risk yourself.

Second, enroll with one of the many credit protection services or implement your own identity theft protection plan. There are many different options from fraud alerts to credit monitoring or freezes and we will go over these options in the coming months so please check back regularly.