Thief jets with Boeing staff data

In a scenario that's become all too familiar over the past couple of years, a Boeing employee had his unattended laptop swiped, and it contained the personal information of about 328,000 Boeing workers and retirees, according to the reports.

The company was vague with the details, saying the theft occurred earlier this month but not saying where. The stolen system was reportedly password-protected, but the data was not encrypted.

While the lifted laptop did contain employee names, Social Security numbers, salary information, and other data that could be used for identity theft, it didn't store any proprietary customer or supplier data, a Boeing spokesman said.

The company will give affected employees free credit monitoring, a common gesture on the part of organizations that have let private data slip.

According to, credit monitoring is of minimal value to individuals facing potential ID theft.

"Critics and consumers have noted that typical credit monitoring services are extremely limited, only covering fraud that results from usage of the credit card number. Stolen Social Security numbers can be reused to create new identities and open new accounts, which are not detected by fraud alerts."

"In fact, credit agencies will simply open a new sub-file for the new account, and not inform the original number owner. Victims of SSN-based identity theft often do not find out unless a debt charged by the new accountholder comes to them."

I continue to find it disturbing that large companies like Boeing (which has suffered two other leaks in the past 13 months or so), Chevron, and Wells Fargo, which should have both strict security policies regarding the transport of private data and the financial means to invest in data-leak prevention and encryption technology, continue to suffer embarrassing and costly leaks.

To its credit, Boeing says it is working to implement encryption technology, a project it began after a data theft incident last April. According to, "Boeing decided to start a project that would automatically encrypt files as they are pulled off the server... . The first groups to test this technology will be those working with employee data, but the encryption procedures eventually will be implemented in other areas of the company that deal with sensitive data."

Other companies need to follow suit. This time, it was employee data that was stolen, the impact of which is perhaps relatively minor on the company's bottom line. Next time, what if it is indeed proprietary company data, or customer details, that gets leaked?

Or perhaps companies are more diligent about protecting the latter. Again, the cost of dealing with an employee-data leak isn't negligible, but it's not the same as leaking application code or top-secret plans -- at least not to a company. The employees who have to deal with cleaning up their credit reports may feel differently.

Maybe it will take successful legal action on the part of those employees to compel other companies to be more diligent. I'm no fan of frivolous, get-rich-quick lawsuits, but I don't think this fits in that category.