TMCnet News
Stolen laptop had bank data of 50,000: Mercantile offers credit monitoring to Potomac customers(Baltimore Sun, The (KRT) Via Thomson Dialog NewsEdge) May 13--It's a story that has become too familiar: Employee takes home work containing sensitive company and client information. And it gets stolen. This time, it happened to Baltimore's Mercantile Bankshares Corp. Yesterday the company said that a laptop computer containing Social Security and account numbers for nearly 50,000 customers of its Bethesda-based Mercantile Potomac Bank was stolen a week earlier from a worker's car off company property. It was the most recent in a string of incidents around the country that raised fears of widespread identity theft. None of the Mercantile Potomac customers has reported suspicious activity, the bank said, but it is offering affected clients one year of a credit-monitoring service, at bank expense, to alert them to any fraudulent activity. Stephen K. Heine, senior vice president of Mercantile's client service group, said the employee violated bank policy by taking the laptop out of the office and, "as chance would have it, his car was broken into and in the car was a computer." "The employee violated our security policies, and we consider that very, very serious and take great safeguards to ensure that doesn't happen," Heine said. Mercantile did not identify the employee and would not say what disciplinary action, if any, was taken. But why is such personal information on a laptop in the first place? Why do employees take it home? And do businesses do enough to prevent such incidents? Improvements in technology allow businesses to store data on a variety of portable devices - from laptops to iPods to USB memory keys, experts said. Today's laptops are so powerful that a marketing professional who wants to check whether his company should invest in a new product can do the data analysis on a laptop, said Jerry Silva, research director for retail banking and delivery channels at TowerGroup, a financial-services consulting firm in Needham, Mass. But few companies have rules or policies on what type of work documents and equipment can be taken off-site, said Peter Cappelli, director of the Center for Human Resources at the University of Pennsylvania's Wharton School. And when there are regulations, often they're not made clear to employees, he said. Complicating the matter is that bringing work home is becoming more widespread, Cappelli said. Portable technology makes it that much easier, he said. In fact, one in five Americans do some or all of their work at home, according to the U.S. Bureau of Labor Statistics. In recent years, a number of companies have substituted laptops for desktop computers so that employees can be more mobile and work outside the "confines of the 9-to-5 and Monday-to-Friday" environment, said John A. Challenger, chief executive of Challenger, Gray & Christmas, a global outplacement company in Chicago. "Like so many things in the new technology era we're in, for many companies this is an accident waiting to happen," he said. Last May, an employee of Safenet Inc., a Belcamp-based information security company, was determined to get some work done over a weekend. He printed out payroll information on employees - including their names, Social Security numbers and bank account numbers - and put it into a briefcase. He left the briefcase in the car, and it was stolen during a break-in. At T. Rowe Price, the Baltimore-based investment firm, some associates and executives have laptops because of frequent travel and to have access to information and e-mail, said spokesman Steven Norwitz. The company discourages its employees from storing client data on laptops and has guidelines to limit information that workers carry with them, he said: "Any information taken outside the office is limited to only what they have to have." Some companies are reacting to recent incidents of stolen information by taking additional steps to secure their sensitive data, such as wiping it off laptops once they're done using it, Silva said. But Robert L. Siciliano, author of The Safety Minute: Living on High Alert; How To Take Control of Your Personal Security and Prevent Fraud, said businesses should encrypt the data on their laptops to reduce the chances of compromising the data. Often a laptop is stolen for the value of the computer, and the thief has no idea what he has, Siciliano said. But if a thief were to discover names and security numbers on a laptop, he or she could easily start filling out credit card applications under a stolen name.Forty-two percent of all identity theft is committed through credit card fraud, he said. An additional 20 percent is through utility fraud - where a person opens an electric, gas or phone line under someone else's name - and 13 percent is bank fraud, or opening a back account under a stolen identity, bouncing checks and getting loans under that name, Siciliano said. The laptop stolen from the Mercantile Potomac Bank employee May 5 contained Social Security and account numbers, but it did not have passwords or PIN numbers, according to the bank. Heine of Mercantile called the incident "an anomaly where an employee broke company policy and procedures." But experts wondered why such personal information is ever on a laptop, whether it's in the Mercantile case or any other bank. "What is the purpose of having the laptop that has the account numbers and Social Security numbers of 50,000 employees on it?" Siciliano said. "I don't understand. What is the purpose of that?" Bert Ely, an independent banking consultant in Alexandria, Va., agreed: "I would think, given the number of instances we've had like this ... the people with these databases would put safeguards in place that would keep this kind of data off the laptops. It's not clear to me why data like this ever has to be on a laptop." The Mercantile incident comes after Wells Fargo & Co. said last week that a computer with the names, addresses, Social Security numbers and mortgage loan account numbers of customers and prospective customers was missing and possibly stolen. The computer disappeared while being transported by an express shipping company from one Wells Fargo facility to another, the company said. Fidelity Investments also acknowledged earlier this year that a laptop containing almost 200,000 clients' financial information was stolen from an undisclosed public location, according to media reports. "It's become a shadow on the entire industry," Silva said. Ely suspects that the banking sector will implement more protections when it comes to downloading vast amounts of data onto portable machines. "These wholesale losses of identity data are a serious problem for the banking industry," Ely said. "Hopefully what comes out of it is lessons learned about how to prevent it in the future." |