Stolen laptop contains data on 196,000 HP staff

Fidelity Investments Institutional Services Co. is promising to reimburse Hewlett-Packard employees and retirees for any losses that result from the theft last week of a laptop loaded with their personal financial data.

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

The theft occurred March 15, when a small group of Fidelity employees held a business meeting at a site belonging to neither Fidelity nor HP, said Anne Crowley, a Fidelity spokeswoman.

One attendee had loaded his company laptop with software including a database of personal financial data of 196,000 participants in HP sponsored retirement plans managed by Fidelity.

"It is not our practice to have that level of data on a laptop," said Crowley. "We limit significantly the use of such confidential data outside of Fidelity to only those instances where the information is appropriate or required for meetings with clients about their specific plans and participants."

Fidelity, in Boston, provides services to the HP defined benefit and defined contribution plans, said Brigida Bergkamp, an HP spokeswoman.

Since the theft, both HP, in Palo Alto, California, and Fidelity have alerted the current and former HP employees who were affected, she said.

In a letter, Fidelity said it had notified three credit reporting bureaus of the theft, and offered free enrollment for one year in a credit monitoring service. Fidelity also pledged to demand extra authentication from anyone trying to access the affected accounts.

Fidelity investigators have hastened to reassure the HP workers, saying their investigators have found no evidence that the data is being abused.

Fidelity also says the data is now scrambled, because the license for the laptop's software has now expired, making the information "difficult to interpret and generally unusable."

Also, law enforcement authorities say that a spate of stolen laptops in that area consists of "property-related thefts rather than data thefts," Crowley said.

Still, Fidelity has promised to take responsibility for any money stolen from those accounts.

"If we conclude an unauthorized transaction has taken place in their Fidelity account as a result of this incident, we will reimburse them for account losses connected with the unauthorized transactions," Crowley said.

But the damage could spread much further. The stolen information consisted of "personally identifiable information about plan participants," which means criminals could potentially use the employees' names and social security numbers for identity fraud in any financial matter, not only their retirement accounts.