Wednesday, August 8, 2007

Verisign laptop theft

This one is over the line. A former Verisign employee had a laptop stolen from their car and the laptop may have contained employee data. An article at SearchSecurity.com has the details, including tidbits like "The laptop may have contained such personal information as names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses".

But don't worry, "The laptop was fully shut down and requires a username and password to log on to the Windows application. To our knowledge, the thieves do not have the password". Besides, "there's no indication of fraudulent activity thus far".

This is a respected security company, not some naive retailer. There are too many questions to fathom here.
  • Whose laptop was this?
    • If it was Verisign's, why did the ex-employee still have it?
    • If it was the ex-employee's, why was company data on it?
  • Why does a former employee still have this info?
  • Why does anyone need this kind info on a laptop?
  • Why wasn't the data encrypted if there was a reason to have it on a laptop?
  • Why was the laptop left in the car overnight?
  • Who believes that a Windows username and password will protect anything when an attacker has unlimited physical access?
  • When will people learn?
Verisign has quite a few job openings listed on their careers site, I wonder how much this will hurt their recruiting efforts? I'm glad I'm not in HR or PR at Verisign this week.

Jack