Stolen Boeing laptop held ID data on 382,000

Former Boeing employees, some retirees could be at risk of ID theft after a notebook goes missing.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Dec. 14, 2006 12:47 p.m. PT

2 min read

Boeing has confirmed that a laptop stolen from an employee's car contained sensitive information on 382,000 workers and retirees.

It is third such incident at the aircraft giant in the past 13 months. The laptop contained names, home addresses, phone numbers, Social Security numbers and dates of birth for current and former Boeing employees, company spokesman Tim Neale said. The theft potentially puts the individuals at risk for identity theft.

Despite the large number of people affected by the theft, Neale said Boeing has received no reports of the sensitive information being compromised.

"We have no evidence that Boeing was targeted by an individual or a group, so maybe the laptop was stolen just for the value of the laptop," Neale said.

He added that the notebook was turned off at the time it was stolen and requires a password to access the data.

Boeing, meanwhile, is still in the process of notifying those individuals whose information was on the laptop. It is providing them with up to three years of free credit monitoring.

Since fall of last year, Boeing has suffered the theft of two other laptops containing sensitive information about current or former workers. In April, a notebook containing information about 3,600 individuals was stolen, and in November 2005, a similar incident involved a breach of data on 161,000 people.

"Even before the first incident, the company had security procedures and policies that called for them to work off of the server behind the firewall. But after the November theft, we asked for everyone to review our policy and remove information off their hard drives and work off the server. We even had managers go around to double check that that had happened," Neale said.

He added he has not yet heard why the employee in this latest incident downloaded information off of the server.

After the April incident, Boeing decided to start a project that would automatically encrypt files as they are pulled off the server, Neale said. The first groups to test this technology will be those working with employee data. However, the encryption procedures will be eventually implemented in other areas of the company that deal with sensitive data, he added.

The company also is working on ways to eliminate the use of Social Security numbers, as much as possible, as an identifier for Boeing employees, he said.