Forrester Research Data Breach

Who Breached: Forrester Research
Number Affected: undisclosed
Information breached: Social Security Numbers
How: laptop stolen

Forrester Research has exposed the personal data, including Social Security Numbers, of an undisclosed number of current and former employees as the result of a laptop theft.

During the week of November 26, a laptop was stolen from the home of a Forrester employee. The laptop contained personal information for those who have received grants of Forrester stock or have participated in the employee stock plan, as well as information on contractors who have worked with Forrester. The laptop was password-protected, but it is unknown if further security measures were in place.

Forrester specializes in research for Technology and IT professionals, and publish on their website the following:

“Run IT like a business with our best practices, business acumen, technology expertise, assessments and advice.”

Unfortunately, Forrester does not appear to have heeded their own advice, and have not adopted best practices in IT security. Password protection provides no protection for computers in the hands of anyone with access to the Internet – they are easy to crack or bypass. Much more aggressive security practices would include encryption and laptop recovery / remote data wipe software (such as that provided by Absolute).

Forrester “Chief People Officer” Elizabeth Lemons sent out a letter to those affected on December 3, but did not brief the firm’s media staff about the incident. The staff were thus unprepared to handle calls about the breach. As a result, the tier one research firm is the subject of negative publicty this week.

Via eweek Tags: forrester, forrester research, data breach, laptop security, laptop theft, identity theft, it security, business security