Boeing's Stolen PC Is Packed with Employees' Personal Data

Nov. 21, 2005
Names, SSNs, birth dates and banking info for 161,000 was on stolen computer

Nov. 19--Highly sensitive personal data on 161,000 current and former Boeing workers are missing after the theft of a company personal computer.

The data included "names and Social Security numbers, and in some cases birth dates and banking information," according to a Boeing statement released Friday afternoon.

The news incensed workers who were notified by the company.

"It's absolutely ridiculous if that kind of information is on a personal computer," said Rob Hall, a mechanic in the Integrated Defense Systems division at Boeing Field.

The banking information included names of banks, routing numbers and account numbers for some workers who had elected to have their paychecks directly deposited into their accounts, according to Tim Neale, a Boeing spokesman.

No credit-card numbers were on the computer.

The information was password protected, Neale said. "It was locked and thus not easy to access the information."

Boeing's statement also said the company "has no evidence that any of the personnel-related data on the computer has been accessed or misused, and there was no classified, supplier, customer, engineering or material financial information on the computer."

A contract engineer in Everett, who asked not to be named, was stunned that Boeing would allow so much information to reside on a single personal computer.

"That data normally resides on very secure servers in the company's vaults, so to speak. What's a guy doing with that amount of data on a laptop?" he said.

The engineer, whose name was on the stolen computer even though he is not a full-time Boeing employee, said workers in Everett found out about the theft around 3 p.m., and it quickly became a hot topic of conversation.

Boeing's initial reaction left some workers dissatisfied.

"Everyone here is saying, 'Boeing did this, they should be using their resources to fix it.' Instead they are telling us what you can do to deal with this," the engineer said.

Boeing is contacting each person whose name was on the computer. Current workers received an e-mail Friday from Rick Stephens, senior vice president of human resources, informing them of the theft and outlining the services Boeing is making available to help safeguard their data.

"We are helping them enroll in fraud-alert programs at the three major credit-monitoring agencies and additionally will pay for their enrollment in ongoing credit-monitoring services if they choose to sign up," Stephens said in Boeing's public statement.

Former workers listed on the computer will receive a letter in the mail.

Investigators believe the theft was carried out by "a ring of thieves that has been active in the area where the theft occurred," according to the e-mail sent to employees. It did not specify the location.

Investigators said it is possible the perpetrators were not aware what data the computer contained.

Roughly half of the people whose names were on the computer now work at Boeing. The rest are retirees or people who have moved on to other companies, said Neale, the spokesman.

The list includes people from all Boeing divisions and people from across the country.

The computer belonged to an employee who was at an off-site location.

At the request of law-enforcement agencies that are helping Boeing investigate the matter, Boeing declined to reveal the circumstances of the theft, including when, where and how the computer was stolen.

The worker was authorized to have the data on his computer as part of his job, Neale said. However, he "did not follow security procedures for having sensitive data off site," Neale added. He declined to outline those procedures.

Neale also declined to describe the exact nature of the employee's duties at Boeing, but a company source said he worked in the human-resources department.

A question-and-answer sheet attached to Stephens' e-mail to affected employees said "appropriate corrective action is being taken" with regard to the worker whose computer was stolen. "Because it is a personnel issue, we cannot discuss it publicly."

In the e-mail, Stephens said he has directed his team to quickly find and plug security holes.

"I am currently leading a total review of our processes on personal data storage and eliminating vulnerabilities so we will not be subject to this type of situation again," he said.

"We are working aggressively to mitigate the potential effects of this theft," Stephens said. "Boeing sincerely apologizes for the inconvenience and frustration this may cause you."

By David Bowermaster, Dominic Gates and Melissa Allison

BOEING RESOURCES:

--Read Boeing's letter and advice to those who may be affected at seattletimes.com

--How to find out if your information is on stolen PC

--Boeing widens its lead in sales of commercial jets

--To find out if your personal information was on the stolen computer: If you haven't received an e-mail, call the company's TotalAccess information service, 866-473-2016.

--If you know your information was stolen: Contact one of the three large credit-reporting agencies, Equifax (800-525-6285), TransUnion (800-680-7289) or Experian (888-397-3742) and put a fraud alert on your credit report.

--Also, contact the data privacy hotline Boeing has established at 312-544-2506 or by e-mail at [email protected].

Source: Boeing