Administaff laptop theft exposes 159,000 to ID fraud

Only hours after we ran a story Wednesday on missing personal data reported by Home Depot and Iron Mountain, I came across news of Administaff warning that someone stole a laptop with data on 159,000 people. The human resources service provider said in a statement that the laptop contained personal information about Administaff worksite employees during 2006.

“The facts as determined by the company’s investigation strongly indicate that this was a random event, and that the personal information was not specifically targeted,” the company said. “At this time, the company has no reason to believe that the personal information has been accessed or used improperly.”

The laptop was reported missing Oct. 3 and was password protected but the data was not encrypted.

The company said it is “taking steps to notify approximately 96,000 former worksite employees and approximately 63,000 current worksite employees in writing and will offer to them one year of free credit monitoring services with fraud resolution assistance. Administaff has also established a toll-free dedicated helpline and Web site for affected individuals and clients.”

In yesterday’s story about the Home Depot and Iron Mountain security breaches, Wave Systems CEO Steven Sprague stressed the importance of encrypting data and also having a system in place to prove data is encrypted in the first place.

Given all the headlines we keep seeing about stolen laptops, one would expect companies and their contractors to realize by now that they can’t afford to skip hard-drive encryption on portable drives. With an increasingly mobile workforce using laptops in airports, at home, in hotels and coffee shops, protecting stored data is more important than ever.