The disc was lost on Dec. 15 by Deloitte & Touche USA, McAfee spokeswoman Siobhan MacDermott said Thursday. The Santa Clara, Calif.-based security software company was first notified on Jan. 11, and on Jan. 30, it received particulars of the data that may have been on the CD, MacDermott said.
The disc contained personal details on all current U.S. and Canadian McAfee workers hired prior to April 2005 and on about 6,000 former employees in the same region, MacDermott said. (The security company currently has approximately 3,290 employees worldwide.) The information wasn't encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee.
"We notified our current and former employees last week and the week before," MacDermott said. "We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit monitoring services."
Deloitte & Touche confirmed the incident. "A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket," a representative for the professional services firm said. "We are not aware of any unauthorized access to this data in the two months since the CD was lost."
The McAfee incident is the latest in a string of data security breaches. In the last 12 months, more than 53 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.
McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax. Similar arrangements are being made with a credit monitoring provider for Canadian employees, MacDermott said.
Deloitte & Touche USA is a multibillion-dollar professional services firm that provides audit, tax, consulting and financial services.