When Laptops Thefts Hit, Retailer Did More than Most to Investigate

When most companies experience thefts of laptops or other security breaches, they notify the cops and send out the obligatory notification letters, and that's pretty much that.

San Francisco's Gymboree, the kids' clothing retailer, took a more proactive stance after a thief recently hit the company twice in the same week, making off with three laptops and potentially endangering as many as 20,000 employees.

The company hired a private investigator to track down the perpetrator --

and this month identified to police someone it believes is a suspect in the case.

Investigators and privacy experts say Gymboree is one of a growing number of companies that recognize the need to take the initiative in security breaches as police departments struggle to keep pace with the hundreds of thousands of laptops that go missing each year.

A study in August by the Ponemon Institute, a privacy consulting firm, found that 81 percent of companies experienced the loss or theft of a laptop last year. Of laptops that go missing, 97 percent are never recovered, the study found.

"Law enforcement just doesn't have the manpower to investigate all these cases," said Robert Richardson, director of San Francisco's Computer Security Institute. "A private investigator has the time to look around black markets and in pawn shops."

Sean Walsh, a Bay Area investigator and former president of the California Association of Licensed Investigators, acknowledged that an increasing number of companies are turning to the private sector for help when laptops disappear.

"In the last few years, I've investigated a couple of dozen cases involving stolen laptops," he said.

Marina Armstrong, Gymboree's senior vice president of human resources and loss prevention, acknowledged in a statement Thursday that the company had experienced a recent security breach. But she declined to provide details of the incident.

"At Gymboree we care about our employees and wanted to treat the matter in a responsible and thoughtful way," she said.

In letters this month to as many as 20,000 employees affected by the incident, Gymboree says only that "three laptop computers were stolen from the corporate headquarters."

What actually happened is that a thief followed a Gymboree exec into the company's South of Market offices and accompanied him in the elevator to the fifth floor, according to an insider with direct knowledge of the situation.

The insider requested anonymity because Gymboree officials are uncomfortable publicizing the incident.

The insider said security tapes show the thief entered a bathroom and didn't emerge again for about an hour. The thief then entered the unlocked office of a senior exec, took a laptop that was on the desk and casually exited the building, the insider said.

Several days later, according to the insider, security tapes show that the same person returned and once again made his way to the office of a Gymboree exec. This time, he made off with an additional two laptops.

The insider said the three laptops contained unencrypted human resources data that potentially included the names and Social Security numbers of thousands of company workers.

Gymboree has 574 retail outlets nationwide, as well as 34 big-box branches and 90 additional shops for its Janie and Jack and Janeville brands.

The company immediately reported the thefts to the San Francisco Police Department, the insider said, and was frustrated to learn that the police weren't hopeful that the missing laptops would be recovered.

"We decided we needed to do whatever we could within the law," the insider said. "We wanted to get those laptops back."

In her statement, Gymboree's Armstrong said that "after reporting the theft to the police, we researched our options and decided to hire a private investigator to also look into the theft."

She added: "The investigator has provided the information that he has collected to the police and is currently working with them on their ongoing investigation."

The insider said the investigator spoke with other businesses in the vicinity and determined that the same person may have been responsible for a series of laptop thefts in the SoMa area.

A spokesman for the San Francisco Police Department confirmed that police have been working with the investigator hired by Gymboree. He said detectives had been asked by the investigator to provide the name of a suspect arrested for trespassing in the SoMa area several years ago.

The spokesman acknowledged that the investigator believes the suspect from the earlier trespassing case is connected to the Gymboree thefts.

"However," the spokesman said, "our burglary section can find no physical evidence to link that person to being the Gymboree thief."

The Gymboree insider said the company is satisfied that at least it attempted to find the thief and recover its laptops in a timely fashion.

"We've done what we felt we needed to do," the insider said. "We wanted to make the effort."

Gymboree's Marina said the company has introduced a variety of security measures as a result of the incident. "Prior to the theft," she said, "we had begun encrypting all company laptops and have now completed this process."

Gymboree also has provided free credit monitoring to an undisclosed number of employees deemed most at risk of identity theft because of the missing laptops.

Walsh, the Bay Area private investigator, is playing no role in the Gymboree case but sees this as further evidence that businesses will increasingly seek outside help when sensitive data go astray.

"Companies can't wait for a police investigation to get going," he said. "That's why they're turning to private investigators."

Larry Ponemon of the Ponemon Institute agreed that use of private investigators in data breaches will continue to grow.

"Law enforcement is way too busy to deal with every stolen laptop," he said. "So we're going to see more and more companies feeling that they have to bring in their own muscle."


Loading