AT&T management staff data on stolen laptop

Share this article:
Updated on Wednesday, June 4 at 5:52 p.m. EST

An undisclosed number of management-level workers at AT&T have been notified that their personal information was stored unencrypted on a stolen laptop.

The laptop was stolen May 15 from the car of an employee, Walt Sharp, a spokesman for AT&T, told SCMagazineUS.com on Wednesday. The data on the computer was not encrypted -- a violation of company policy -- and included names, Social Security numbers and in some cases, salary and bonus information.

Sharp said the company would not disclose the number of affected individuals, but there is no reason to believe any of the data was being targeted when the machine was stolen.

"Usually these are property crimes in which the drive is wiped clean and resold for profit," he said.

The employee who was in possession of the laptop when it was stolen has been disciplined.

"There are a number of rules governing the handling of encrypted material and the mobile devices handling that material that employees must follow," Sharp said. "It is up to the employee to ensure that any sensitive material is encrypted."

AT&T used the breach as a reminder that employees must follow policies.

This is the second major recent breach to involve an unencrypted laptop. Two weeks ago, Connecticut state officials announced that a Bank of New York Mellon contractor lost a laptop containing the personal information of some 4.5 bank customers.

Andy Kicklighter, director of product marketing for GuardianEdge, provider of mobile data protection solutions, said businesses must prioritize the need for laptop encryption and search for solutions that allow for simple implementation and manageability.

"IT organizations are afraid that it will be a big project," he said, adding that companies who have never experienced a data-loss incident also have difficulty understanding the ramifications of a breach.

"It just hasn't reached their priority level," Kicklighter told SCMagazineUS.com.

AT&T on May 23 began notifying victims through email and standard mail and is offering them free credit monitoring.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.