Boeing Confirms Security Breach

A laptop theft exposes the personal information of 382,000 Boeing employees and retirees.

Boeing officials confirmed that a laptop containing the personal data of some 382,000 current and former employees was stolen from a former employees car in the first week of December.

Officials of the Seattle-based company declined to say exactly when or where the theft occurred, but stated that the data stored on the laptop contained Social Security numbers, home addresses and telephone numbers. The employee has since been fired, Boeing spokesperson Tim Neale said.

This was not the first such theft: In November 2005, a laptop was stolen containing the personal data of 161,000 Boeing employees and retirees, and a notebook containing information on 3,600 individuals was stolen in April 2006.

/zimages/5/28571.gifThe cost of data breaches is rising sharply. Click here to read more.

"We havent had any evidence that we are being targeted by an individual or groups in these thefts," Neale said.

The laptop was off at the time of the theft, Neale said, and requires a password to access. Still, the company is in the process of notifying everyone affected by the security breach. He said that although the employee using the laptop was authorized to have the information, the employee should not have taken that information off premises.

/zimages/5/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

After the previous thefts, Boeing began looking for ways to phase out the use of Social Security numbers to identify employees, and also began looking into the automatic encryption of any sensitive personal or company information downloaded, Neale said.

All employees and retirees whose information was exposed will be signed up for credit monitoring, he said.

The latest Boeing theft is a milestone of sorts. According to the Privacy Rights Clearinghouse, a nonprofit that has tracked data breaches in the United States since February 2005, the number of records reported to have been exposed by such incidents has now passed the 100 million mark.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.