Spam Daily News | Deloitte and Touche loses data on thousands of McAfee employees

From Spam Daily News

Most Read Stories
Deloitte and Touche loses data on thousands of McAfee employees
Posted on February 24, 2006

McAfee was informed of the incident nearly a month after a Deloitte auditor left an unencrypted backup CD containing names, Social Security numbers and information on stock holdings held by over 9,000 of McAfee's employees in an airline seat pocket.

The information concerned McAfee's U.S. and Canadian employees hired prior to 2005, amounting to about 6,000 former employees and 3,290 current staffers.

After a Deloitte investigation determined who had been affected, McAfee began notifying employees of the situation via postal mail. The last of these notification letters was sent out last week, said company spokeswoman Siobhan MacDermott.

"We notified our current and former employees last week and the week before. We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit monitoring services, " MacDermott said.

McAfee is offering employees two years worth of credit monitoring through Experian, one of the three major credit bureaus.

McAfee is now in the process of changing its corporate policies to ensure that this type of data loss does not occur in the future, MacDermott said. "We're certainly reviewing how third parties work with our data," she said. "We're working to make sure that we don't have Social Security information on these types of files moving forward."

Deloitte spokesman Jeffrey Zack confirmed that a "Deloitte and Touche employee left an unlabeled backup CD in an airline seat pocket, and the lost disk may contain certain personal information on current and former employees." He would not comment on why the CD was not encrypted.

That a prominent computer security company would have been ensnared in the same type of privacy breach that has become almost common across many industries surprised and disappointed some consumer advocates.

"I don't understand it," said Ken McEldowney, executive director of San Francisco-based Consumer Action. "How hard would it be to encrypt the data? How hard would it be to make sure important information like that is not on CDs that are not under tight control by the company?"

MacDermott said Deloitte had made the CD for backup purposes, and it was their decision not to encrypt the data.

"It's not something that was directly in our control," MacDermott said. "We have policies in place to prevent this from happening . . . data compromised occurred on their end, as opposed to our end."

Over the past year, more than 53 million consumer profiles in the United States have been lost, hacked or stolen, according to the Privacy Rights Clearinghouse, a consumer advocacy group. Companies have been forced to disclose the information due to a pioneering California law that requires businesses to notify individuals if their information has been potentially exposed.
SOURCE: CNET; Mercury News