VeriSign, the company that operates an array of network infrastructure and provides a variety of security and telecom services, has suffered a data breach.

On July 12 or 13, a company laptop was stolen from an employee’s vehicle in a parking garage in California. The laptop contained data for an undisclosed number of current and former employee names.

The data breach included names, Social Security numbers, dates of birth, salary information, and home phone and addresses for VeriSign employees.

Here is an excerpt from the 5-page letter sent to VeriSign employees affected by the data breach:

VeriSign already has a strong Information Security Policy in place, which in this case was unfortunately not followed. VeriSign’s Information Security Department issues a quarterly publication to remind employees of this policy. For this incident, we disabled any access by the employee’s computer to the VeriSign network or any information located on the VeriSign network, going forward, and we are reviewing our security procedures to help prevent a recurrence of this type. Among other things, we plan to implement procedures to more strictly enforce our policy of encrypting sensitive data stored on company computers.

The employee responsible has left the company, and VeriSign is working to strengthen its data-protection policies, which were not followed in this case. Current policies state that data storage should be minimized & encrypted and that laptops should not be left in vehicles. In this case, the data was not encrypted; the laptop was password protected, although this offers little protection. VeriSign’s security policy does not include more stringent laptop security solutions above encryption, but probably should.

Local police believe the laptop theft to be tied to a number of local burglaries. No evidence of identity theft has yet appeared. VeriSign has sent a letter to victims notifying them of the breach and the risk for identity theft. VeriSign will provide credit monitoring services.

VeriSign may suffer a more prolonged consumer reaction to the breach. Seeing a security services provider subject to a data breach lowers consumer confidence in their abilities.

Via attrition.org, sc magazine, consumer affairs, wizbangblog ; image via cohdra on morguefile Tags: , , , , , , , , ,

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • Digg
  • StumbleUpon
  • Technorati