seattlepi.nwsource.com — The Boeing Co. said Thursday it has fired the employee whose laptop was stolen with personal information about nearly 400,000 retired and current company workers. Files on the stolen computer contained salary information, Social Security numbers, home addresses, phone numbers and birth dates.
Dec 16, 2006 View in Crawl 4
Closed AccountDec 17, 2006
I've seen a lot of security schemes at fortune 500s, VPNs, RSA tokens, and a mountain of usernames and passwords. They don't do jack-s**t for the leaking data problem. If you can use the data to do your work, it means you have to see it, and if you can see the data on screen, it's yours. If you make people use "strong alphanumeric mixed case passwords" they will just write them down in a text file or on a sticky-note stuck onto the computer. Encryption has to be made easy to use, or it will be worked around. Two part authentication leads to this exact scenario, it's a pain in the ass so just copy the files and stay out of the slow VPN, then copy the modified crap back in.
americanistsamDec 17, 2006
Question here. Why the retirees files are so important for Boeing may be the half of the 400,000 employees was fired by a way or another like this unfortunate employee. right ?
anotherbrianDec 17, 2006
Slow down.I agree that this guy should be nailed to the wall _IF_ the company had a policy in place that mandated encryption and he didn't follow it.The employee could get in just as much trouble if he encrypted the data because he could be accused of holding it hostage.
sgtbeavisDec 17, 2006
@codemonkeyFiring is VERY appropriate. That data is not your property. You are not supposed to have that data off company grounds in an area where it could potentially be stolen. There are MILLIONS of dollars at stake. Not company dollars, but the hard earned dollars of employees or vets. It would amaze me that someone from the VA would still have their job, but I used to work in the beltway and nothing like that surprises me. Hell Rumsfeld shoulda been fired years ago but even he left on his own. There is no F'ing accountability in DC.
portwojcDec 17, 2006
I'm sure HR is now dealing with a lawsuit now simply because of Boeing's negligence. Their IT department should have had the entire laptop HD encrypted to begin with. That way without the login userid/password all you have a is a laptop that can only be rebuilt.
richb214Dec 18, 2006
The simple prevention mechanism here is to require that all laptops have encrypted hard disks. Once the disk is encrypted you are not obligated to report the laptop stolen even if there is confidential data contained on it.As for products that enable disk encryption, safeboot comes to mind.
coyo7eDec 18, 2006
Notice how this is EMPLOYEE data, not customer data.If it had been cutsomer data, there would not have been any disciplanary followup, I bet. But the CEO getting his social security number stolen, well, that's unforgivable!