What is Digg?Sponsored by Travelzoo
Take Advantage of Ridiculously Low Holiday Airfares view!
travelzoo.com - Flights $52 and up for Thanksgiving, Christmas & New Year. But move on it now.
84 Comments
- Alaerus, on 10/12/2007, -0/+76Makes you wonder why that information was on a laptop to begin with...
- perkonis, on 10/12/2007, -0/+44I am constantly amazed at what ends up on laptops, thumb drives, etc. I think a good rule of thumb should be if you are likely to lose it, it should not contain sensitive information.
- Devoboy, on 10/12/2007, -3/+46Yeah, how dare they fire an employee that failed to follow established guidelines, consequently putting at risk thousands of others. I mean, the nerve of some people!~
- leobaby, on 10/12/2007, -1/+33A hundred thousand here, a few million there. At this rate, the identity of every American will have been stolen in 5 years.
- inactive, on 10/12/2007, -2/+26
Firing the incompetent idiot was the easy way out. They should have made an example out of him and ingested him into the turbine of their failed x-plane. - zeiben, on 10/12/2007, -14/+30"Where else are you going to put your data?"
Memorize it. Whiner. - Blankcheque, on 10/12/2007, -3/+16Yeah, ***** Boeing for holding the moron accountable....
- mt4055, on 10/12/2007, -1/+13@interpaul
Being a former employee i can agree with your opinion of Boeing but NOT for the decision to fire this employee. There is no way anyone should have this kind of info on a laptop at all, much less one that leaves the company. If this person had this little common sense he got what he deserved. I don't know if my name and SSN and birth date was on this laptop but if I become a victim of identity theft because of this I am going to be REALLY pissed.
I have said f--k Boeing many times myself, especially after they gave me a layoff notice after 29 years, 11 months and 3 weeks of service. One week short of my 30th anniversary. This one time I have to say, right-on Boeing.
A happy former Boeing lifer.
- Devoboy, on 10/12/2007, -2/+14You know, most punishments in our legal system also do not undo the harm done by a crime. Let's ditch that too.
Oh, wait... no... - SamsLembas, on 10/12/2007, -2/+13"Even though the employee data was not encrypted, the laptop was turned off. That means the person who stole the computer would not be able to access the employee data without a password to open the computer once it was turned on."
Umm... Isn't windows the same as Macintosh with letting you reset your password with a startup disk? Anyways, if the data is there and not encrypted, they can get at it with or without being able to login..... though I suppose many people would wipe the HD as soon as they got the computer home.
I really hate ignorant journalists who try to write about tech stuff. - falstaff, on 10/12/2007, -0/+10At the end of the day, companies have to trust employees. There should have been more oversight of this data, but this guy obviously ***** up big time. It's about time one of these data leaks have some real immediate consequences. A simple review of procedures isn't good enough. Employees everywhere need to know that being fast and loose with private data will be punished.
- eridius, on 10/12/2007, -0/+10How about just pulling the HD out of the laptop and plugging it into another computer?
- andytheidiot, on 10/12/2007, -2/+10I completely agree. This sort of sensitive data should not be on a personal computer, but a central server of some sort so that it can't be physically stolen.
- zigamorph, on 10/12/2007, -2/+10Now if only the government would follow suite when the same happens with their laptops.
- SoupsMan, on 10/12/2007, -2/+10I am absolutely dumbfounded at why this info is on a laptop. Network storage this stuff. And if it wont work...Get a freaking router at work set up! I'll do it for you! get some wireless cards! encrypt stuff. It is just anarchy at what people do. If anything, go back to paper files. get a brief case. The info is only valuable if you know what it is if its in paper files, and who to give it to. who ever stole the laptop is now +1 computer and +1 some blackmail/money.
I know if i has a choice between a brief case/folder and a laptop, I'd take the hardware. I know what it is.
People=S**t by Slipknot - molecool, on 10/12/2007, -1/+8"Even though the employee data was not encrypted, the laptop was turned off. That means the person who stole the computer would not be able to access the employee data without a password to open the computer once it was turned on."
The naivity of these people has no bounds. How about 'reinstalling' Windows (which invariably was running on it) and gaining full access back to that box? And btw - I'm sure the guest account was probably still available - see that all the time. Ridiculous... 400,000 more people now have to worry about identity theft. - inactive, on 10/12/2007, -2/+9Not only can I take all the files off of a windows laptop. I can also crack his password in under to seconds and use it to get into his email account.
To get the files just remove the hard drive and put it into an extern hard drive case that connects with USB. Then copy all the files.
To crack the password for use elsewhere, use this...
http://ophcrack.sourceforge.net/
The only true protection is encryption. I use TrueCrypt. - barderer, on 10/12/2007, -0/+7May I point out how STUPID it was to announce nationally that this stolen laptop had this information on it. The idiot that stole the laptop was probably just wanted to wipe it and sell it for cheap. Now they just alerted him how valuable the laptop REALLY is. And that whole password thing... they should really have a technical person look over technical content articles before posting such false information publicly.
- msgyrd, on 10/12/2007, -0/+7Linux LiveCDs will recover just about anything from a nonencrypted drive. The data is most definately not safe.
This begs the question though....are people stealing these laptops for the data they hold or because they just want a laptop? The common thief is probably pretty ignorant about computers, I'd say most of this data is never used, but its still scary.
Also...why isn't "phone home" software required to be installed on all company laptops??? You can get it for free and it would let you track down the thief the second he connects it to the internet. - ISVDamocles, on 10/12/2007, -3/+9My lap's top disappears every time I stand up!
It's hard *not* to lose it... but I don't understand why you would write that much info on your lap, though... - szdickerson, on 10/12/2007, -0/+6Laptop - $2000
Microsoft Office - $500
Being fired because I was stupid enough to store all employee files in an Excel spreadsheet - priceless - aeiou, on 10/12/2007, -1/+7"Where else are you going to put your data?"
Go ahead- put it on the laptop, but at least encrypt it if you're worried about it. - delta013, on 10/12/2007, -0/+4@Havs
"Where else are you going to put your data?"
See, there's the problem right there. It's not "your" data, it's "our" data. The data of 1000s of your customers. Why on earth do you need to have personal data for so many people on a laptop? What job could you possibly be doing that would require you to look though the names addresses and social security numbers of a few hundred thousand people?
All I can think of is customer service, and those people sit in cubicles with desktops hooked to a central database. - gregv, on 10/12/2007, -0/+4Seriously, a large company like this should have the resources to set up a nice infrastructure so that data can be accessed via the web. There is never a need for a laptop to have that sort of information on it. Just fire up an encrypted VPN link and connect up to a web front-ended application.
And...If you really need this sort of information on your own system. Then come into the freaking office.
What's more frightening, is that this isn't the first time that this exact thing has happened. It's one thing to fire the employee, but management allowed an environment to exist where an employee could have that data on a laptop. For all of this information, for so many people, to end up on a laptop it requires a really, really broken process in the way that these companies deal with HR data in general. - inactive, on 10/12/2007, -1/+5You don't need M$ to do encryption for you. A Boot loader and truecrypt do just fine. PLUS, no back doors.
- inactive, on 10/12/2007, -2/+6You're bashing someone you don't even know. We don't know the situation or what happened. I'm sure im going against the grain here, but it's stupid to talking about how much of an "idiot" someone apparently is when you don't even know them/what situation they were in.
If it's anyone's fault it's Boeing's. They let their workers use laptops to begin with. Obviously things like this will happen. - dhughes, on 10/12/2007, -0/+3"When a similar theft occurred last year, McNerney said, Boeing implemented an 'aggressive, multi-phased plan to better safeguard employee information.' "
I guess nobody knows how to use "the plan", maybe Boeing should help their employees and show them how to use the encryption tools etc. instead of waiting for disaster to strike and fire a bunch of them. - diggduggjoe, on 10/12/2007, -1/+4The true insanity is that they were not using a VPN. On the road or at home there is broadband. There is no reason that data should be on a laptop. That is likely why the SOB was fired.
Even for my small business, my laptop is used to connect back to my LAN over SSH tunnels to access my desktop. They could take my laptop and they would have nothing, but a laptop. Some file downloads are on the disk, but no client data or info on my business.
If, there is any rare reason to use a laptop for storage instead as an access device, the data should be encrypted. This happens far to often for companies to claim ignorance. Someone should sue Boeing just to get the point across that ultimately they are responsible to protect such data in the future. - mntpng, on 10/12/2007, -0/+3IT depart of a company I used to work for was giving away obsolete junker laptops. My coworker got his old laptop and it turns out it was once used by someone in the human resource department. Lets just say that it had all sorts of interesting information on every employee of the company.
I'm sure this sort of thing happens more often than not. The public almost never hear about them. - benitojuarez, on 10/12/2007, -1/+4We are deploying hard disk encryption at my workplace for all laptop users (900+).
You would be amazed at the lengths people will go to avoid it since it requires a usb token be inserted every time the computer is turned on. Sometimes you cant "just trust employees". Just the other day I finally got it installed for a woman that had been avoiding me for OVER A MONTH. - msgyrd, on 10/12/2007, -0/+3Actually, regardless of how stupid the employee was, I would still hold Boeing accountable for not having a policy in place to prevent such types of personal data from being on mobile devices. Unless the employee in question did this in light of such policy, Boeing is the guilty party here.
- glock22ownr, on 10/12/2007, -0/+2This is really ridiculous!!! Why do companies continue to use old ass Access like databases to store that *****? Sure the guy is at fault, but shouldnt info like that be secured on a server somewhere?? Client Server apps people !!!
- joe90210, on 10/12/2007, -3/+5that's why buisness' need to move to Vista immediately, built-in encryption via Bitlocker would have made this a non-story
- inactive, on 10/12/2007, -0/+2Good for boeing. Now, if only the others would follow suit and fire the idiots that do this sort of thing with my private information.
- inactive, on 10/12/2007, -0/+2
Do you really think Boeing would have contacted each person individually and personally informed them of the theft? I doubt it. I believe Boeing was legally obligated to publicly disclose the theft either by state or federal law or to protect themselves from lawsuits for not disclosing the theft. - maddev, on 10/12/2007, -0/+2A chart of all the reported laptop thefts in America from 2005 to 2006:
http://www.technibble.com/stolen-laptops-exposed-data-and-identity-theft/
There were 32,771,838 stolen records.... the population of Australia is only 22,000,000. - AnotherBrian, on 10/12/2007, -1/+3"Where else are you going to put your data?"
In an encrypted volume on the hard drive.
http://www.truecrypt.org/
(What the hell is wrong with these people?) - stevea1210, on 10/12/2007, -0/+2Why do some companies still not insist on FULL DISK ENCRYPTION on all laptops. It should never have been left up to the employee to encrypt the data. The laptop should have had the entire disk encrypted. Take the human factor out of the equation. Sacrifice a little performance for a lot of peace of mind concerning your data.
The person who should get canned is whoever thought it was a good idea to ask the employee to remember to encrypt the data. If they are stupid enough to put that much sensitive data on a laptop, do you think they are going to take the time to encrypt it? - inactive, on 10/12/2007, -0/+2I've seen a lot of security schemes at fortune 500s, VPNs, RSA tokens, and a mountain of usernames and passwords. They don't do jack-***** for the leaking data problem. If you can use the data to do your work, it means you have to see it, and if you can see the data on screen, it's yours. If you make people use "strong alphanumeric mixed case passwords" they will just write them down in a text file or on a sticky-note stuck onto the computer. Encryption has to be made easy to use, or it will be worked around. Two part authentication leads to this exact scenario, it's a pain in the ass so just copy the files and stay out of the slow VPN, then copy the modified crap back in.
- swiseman, on 10/12/2007, -2/+4What the hell was the employee thinking, leaving the laptop in their car first of all, and with such sensitive information on it?? Moreover, what kind of idiot wouldn't encrypt it?...like their policy tells them to? They deserve to be fired. Hopefully they're good at flipping burgers.. because who else would hire them? Really...
- MrObjectional, on 10/12/2007, -0/+2I guess the thiefs would use the data for ID theft, but I wonder if there are any places where I could hypothetically sell this type of information with few questions asked.
- datcrazydj, on 10/12/2007, -1/+3Jesus Christ. You hear all these stories about laptops being stolen with information on it, and companies STILL continue to lose their laptops.
For crying out loud now... - AnotherBrian, on 10/12/2007, -0/+1Slow down.
I agree that this guy should be nailed to the wall _IF_ the company had a policy in place that mandated encryption and he didn't follow it.
The employee could get in just as much trouble if he encrypted the data because he could be accused of holding it hostage. - amarsuperstar, on 10/12/2007, -0/+1"A person with knowledge of the matter said the employee data was not encrypted as company policy requires once it has been downloaded from a server."
This could possibly have been done on purpose.
"BREAKING NEWS: Airbus gain 12,000 new employees" - RichB214, on 10/12/2007, -0/+1The simple prevention mechanism here is to require that all laptops have encrypted hard disks. Once the disk is encrypted you are not obligated to report the laptop stolen even if there is confidential data contained on it.
As for products that enable disk encryption, safeboot comes to mind. - inactive, on 10/12/2007, -0/+1TrueCrypt is free. There is no excuse for this.
- cruzlee, on 10/12/2007, -0/+1Three words:
Whole disk encryption. - coyo7e, on 10/12/2007, -0/+1Notice how this is EMPLOYEE data, not customer data.
If it had been cutsomer data, there would not have been any disciplanary followup, I bet. But the CEO getting his social security number stolen, well, that's unforgivable! - ActionableMango, on 10/12/2007, -0/+1"You would be amazed at the lengths people will go to avoid it since it requires a usb token be inserted every time the computer is turned"
Won't people just keep the USB token in the same case as the laptop? -
Show 51 - 85 of 85 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is