Breach, Threat Management, Data Security, Incident Response, TDR

Horizon 300,000 members unencrypted data on stolen laptop

Horizon Blue Cross/Blue Shield of New Jersey has notified more than 300,000 of its members that their personal information – including Social Security numbers – was contained in a laptop stolen in Newark earlier this month.


The New Jersey insurance giant, which services more than three million customers in the state, said that because the data on the stolen laptop was password protected and programmed to be automatically deleted by the computer on Jan. 23, the exposure of affected customers is limited.


According to the company, the laptop was stolen on Jan. 5 while it was being taken home by an employee who regularly works with member data. Medical information was not included in the data contained on the stolen unit, and not all of the names and addresses on the hard drive included Social Security numbers, the company said. Horizon is offering affected customers a year of free credit monitoring, and has notified the state Department of Banking and Insurance and federal authorities of the theft.


According to a report in the Star-Ledger of Newark, Horizon investigators believe the thief targeted the computer and not the information stored on it. Thomas Rubino, Horizon's director of public affairs, told the newspaper that the laptop was not taken during a robbery, but declined to provide specific details regarding what is known by the company about the theft.


The Horizon Blue Cross incident is the latest in a series of recent data exposures involving unencrytped personal information residing on unsecure laptops or external hard drives which have then been stolen.


Earlier this week, T. Rowe Price disclosed that thieves had acquired two laptops containing sensitive information for thousands of people enrolled in 401(k) retirement plans managed by the global investment firm. The hard drives on the two pilfered machines contained the names and Social Security numbers of 35,000 individuals, the company said. 


Last month, a laptop containing the personal information of a number of Deloitte & Touche partners, principals and other employees was stolen while in possession of a contractor responsible for scanning the accounting firm's pension fund documents.

Also, it was revealed this week that an external hard drive containing the the sensitive data of 38,000 current and former students, faculty and staff of Georgetown University in Washington, D.C., was stolen last month.

Security analysts have long warned that in an environment in which data theft is now a burgeoning criminal enterprise – and laptops remain a tempting and easy target for common criminals who may grab the unit for its own value and then later discover they have acquired a bonanza of valuable data -- encryption of sensitive data should be standard procedure when this data is contained on any portable devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.