Eden Project hit by paroll laptop theft
17.06.2007
The bank details of 500 Eden Project employees and important customer data were put at risk when a laptop was stolen from the car of an employee working for the ecology attraction's payroll supplier. John Stokdyk reports. Police are investigating the theft on 1 June of a PC from the car of a Moorepay employee, the BBC reported.
The Eden Project's creator Tim Smit confirmed the computer contained personal details of employees of several companies, including the Eden Project. The information held on the PC include employee names and addresses, plus bank details, NI numbers and salary/wage rates of around 500 employees.
"Suffice to say we are appalled at the lapse of security and are making sure that our personal data is never put in such a vulnerable position again," he said.
A spokesman for Moorepay, a subsidiary of the Northgate HR group, commented: "Moorepay takes its security very seriously and will look at the implications and tighten up its security arrangements."
The theft appeared to be opportunistic and that thief may not be aware of the value of the data the PC contained. So far, no malicious activity has been reported, but that could change with all the media coverage, he warned.
The PC was password-protected, but the data was not encrypted; this may well be an area the company will investigate, he added.
Laptop thefts continue to present a major security risk for both accountants and financial services organisations. Last year, Ernst & Young and Deloitte were hit by laptop thieves in the US and in November 2006, the Nationwide Building Society revealed a laptop containing customer data had been stolen three months earlier.
Geoff Sweeney, the chief technology officer of IT security company Tier-3 noted that such laptop thefts are a fact of life that emphasised the need to deploy appropriate security processes to protect against the misappropriation of sensitive information.
"This incident highlights the need for all companies handling important data to have effective IT security policies and rigorous compliance procedures in place," he said. "The aggregation and storage of information assets is increasingly making them targets for criminals seeking to profit from the theft of identity details intellectual property or other sensitive information,"
Laptop security has featured several times in previous online conversations. Back in 2005, Steve West asked two key questions about the data stored on the hard disk of a stolen laptop: 1. Can you survive the loss of the data? - If not, it should be backed up elsewhere. 2. Does the data falling into the wrong hands pose a threat? Anything on the laptop that does should be encrypted. This includes any automatic logins that you have set for web site accounts.
Article scoured from www.accountingweb.co.uk
