Company Continues Bad Information Security Practices
Stories about thefts of personal data are dime-a-dozen these days, and are generally not worth writing about.
This one has an interesting coda, though.
An employee hoping to get extra work done over the weekend printed out 2004 payroll information for hundreds of SafeNet’s U.S. employees, snapped it into a briefcase and placed the briefcase in a car.
The car was broken into over the weekend and the briefcase stolen—along with the employees’ names, bank account numbers and Social Security numbers that were on the printouts, a company spokeswoman confirmed yesterday.
My guess is that most readers can point out the bad security practices here. One, the Social Security numbers and bank account numbers should not be kept with the bulk of the payroll data. Ideally, they should use employee numbers and keep sensitive (but irrelevant for most of the payroll process) information separate from the bulk of the commonly processed payroll data. And two, hard copies of that sensitive information should never go home with employees.
But SafeNet won’t learn from its mistake:
The company said no policies were violated, and that no new policies are being written as a result of this incident.
The irony here is that this is a security company.