Know the Risk: Digital Transformation's Impact on Your Business-Critical Applications REGISTER >
It never made it.
Now, Alcatel-Lucent is working with state, local and federal authorities in order to track down how and why the disk containing social security information on company retirees and their dependants was lost or stolen.
The company said the information contained on the computer disk included names, addresses, Social Security numbers, date of birth and salary data of Alcatel-Lucent U.S.- paid employees who worked for Lucent (prior to its merger with French networking company Alcatel) and their dependents, and Lucent retirees and their dependents.
With the news, which Alcatel-Lucent divulged to its employees yesterday, the networking giant joins an ever-growing list of companies and federal agencies whose data on employees has been lost, stolen, or compromised, putting those employees at risk for identity theft or fraud.
Just this week, IBM (Quote)&Nbspsaid a third-party vendor had lost data tapes that contain the personal information of former employees. The lost IBM data included dates of birth, Social Security numbers, addresses, lengths of employment and other private information. And, similar to the IBM data loss, the data on the Alcatel-Lucent disk was not encrypted.
However, Alcatel-Lucent said the disk did not contain credit card numbers, bank account numbers or password information.
The disk was supposed to be delivered by Hewitt Associates, which helps manage Alcatel-Lucent employee health and benefit plans, to AON, which provides actuarial services. The courier was UPS. It said it was informed on May 7th by one of the vendors that a computer disk containing personal information could not be located.
A spokesman for Hewitt was not immediately available for comment and internetnews.com was not able to reach the other companies by press time.
In the meantime, Alcatel-Lucent spokesman Peter Benedict said the company has asked all vendors to immediately stop shipping personal employee information via courier service. "One of the issues we're looking at is why the information wasn't encrypted or password protected," he said.
New Jersey is a state with a data breach notification law on its books.
The company said it appears that the disk was either lost or stolen between April 5 and May 3. "Although we do not have information that any of the personal information has been misused, as a precaution the company has asked the U.S. Secret Service to investigate and has reported the incident to state and local law enforcement officials. The company also has launched an internal investigation and is working closely with law enforcement officials."
In a statement, Frank D'Amelio, chief administrative officer for Alcatel-Lucent, said the company recognizes "that we have a responsibility to carefully protect this type of information and deeply regret this loss. We are taking steps to try to prevent this from happening in the future. In the meantime, we will provide information and assistance to our employees and retirees to help them minimize any potential risk this incident could create for them."
After sending e-mails to its employees about it Thursday, Alcatel set up a Web site, internally and externally, where employees, retirees and dependents can get more information, including suggestions on actions they can take to protect themselves against identity fraud. Letters to all the impacted employees are also going out.