VeriSign suffers data breach after July laptop theft

VeriSign, the digital certificate vendor responsible for the internet's .com and .net domains, suffered a data breach last month when a laptop was stolen from an employee's vehicle.

An undisclosed number of current and former employees are at risk of identity theft after the burglary, which took place July 12 or 13 in a parking garage in northern California.

The laptop contained names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses of an undisclosed number of VeriSign employees, according to a notification letter sent to victims.

The Mountain View, Calif.-based company revealed that bank account numbers and password information were not stored on the device.

The breach was first reported on the wizbang blog on Friday.

VeriSign said today in a statement that the employee has left the company. The vendor said it is working to shore up its data-protection policies, which were not followed in this case.

VeriSign disclosed that it has "no reason to believe that the thief or thieves acted with the intent to extract and use this information. The local police have said the theft may be tied to a series of neighborhood burglaries."

"VeriSign is committed to making sure current and former employees whose personal information may have been on the stolen laptop have the support they need to monitor their credit and know how to respond if they identify any problems," VeriSign said today in a statement. "The company has a policy on how to manage laptops that contain sensitive information and company data — which in this case was not followed. That policy includes not leaving laptops in vehicles in plain view, keeping the amount of confidential and sensitive data stored on laptops to a minimum, and using data encryption tools to protect those sets of data that absolutely must be stored on a laptop. Going forward, we will continue to review our security procedures to prevent future human errors of this type."

Avivah Litan, Gartner vice president and distinguished analyst, told today that laptop thefts have "zero impact on the bottom line," but said she was disappointed to see a security vendor suffer a breach.

"Certainly a missing or stolen laptop is common, but you don’t want to see that event at a managed security services provider," she said. "It lowers confidence in their abilities when they’re subject to the same breaches they’re helping their customers with."

Last month, Kingston Technology, a data security vendor, reported a breach initiated when thieves infiltrated a company computer two years ago. That hacking put the credit card files of 27,000 customers at risk.

Kingston has said that none of the financial information was misused.

IBM was the victim of a data loss incident in May, when a third-party vendor lost an undisclosed number of tapes while transporting them from an IBM location in Westchester County, N.Y., to a permanent storage facility.



Click here to email Online Editor Frank Washkuch.
