Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] 40,000 BP workers exposed in Ernst & Young laptop loss

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] 40,000 BP workers exposed in Ernst & Young laptop loss
Date: Fri, 24 Mar 2006 02:41:19 -0600 (CST) 
http://www.theregister.co.uk/2006/03/23/ey_bp_laptop/

By Ashlee Vance in Mountain View
23rd March 2006

Exclusive - Like sands through the hourglass, these are The Days of
Ernst & Young laptop loss. Yes, friends, The Register can confirm that
BP has been added to the list of Ernst & Young customers whose
personal data has been exposed after a laptop theft. BP joins Sun
Microsystems, Cisco and IBM in this not so exclusive club.

Ernst & Young has sent out a letter to all 38,000 BP employees in the
US, telling them that a laptop theft had exposed their names and
social security numbers. To keep the BP staff's mind at ease, Ernst &
Young said that the file name containing their info did not indicate
what type of information was on the laptop, and the laptop was
password protected. Phew!

Ernst & Young confirmed that this is the very same laptop that held
data on the Sun, Cisco and IBM workers. All of these data losses were
revealed by us in a set of exclusive stories. Ernst & Young also
recently lost four more laptops in Miami, although it has not said
which customers were affected in those incidents.

Oddly, the Ernst & Young saga has gone untouched by other media
outlets. That's somewhat surprising given the vigor with which
security reporters chased down our initial confirmation yesterday that
a Fidelity Investments laptop loss had exposed the personal
information of 200,000 HP employees.

Ernst & Young continues to maintain a code of silence around the
laptop thefts, saying only that the BP/Sun/IBM/Cisco machine was
password protected. This speak no evil policy has resulted in a string
of stories as Ernst & Young customers are told one by one about the
theft.

It's difficult to obtain an exact figure on how many people have been
affected by Ernst & Young's security lapse given that it won't say
anything on the subject. We do, however, know that the IBM data breach
exposed all current and former employees who have worked overseas at
some point in their career. So, we're likely talking well over 100,000
people in that one incident.

You have to wonder how long these thefts can continue before the
financial services companies start explaining why key customer data
was sitting on laptops and why workers felt it okay to leave these
laptops in their cars or in conference rooms. The lack of action on
their part will no doubt encourage legislators to step in at some
point.

Keep your letters coming. ®



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] 40,000 BP workers exposed in Ernst & Young laptop loss, InfoSec News <=
Previous by Date:  [ISN] HHS rebuts GAO's security assessment, InfoSec News
Next by Date:  [ISN] Israeli Software Firm Abandons U.S. Deal, InfoSec News
Previous by Thread:  [ISN] HHS rebuts GAO's security assessment, InfoSec News
Next by Thread:  [ISN] Israeli Software Firm Abandons U.S. Deal, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]