Aetna says laptop with member data stolen

Computer containing personal information on about 38,000 members was stolen from employee's car, company says.

The story "Aetna says laptop with member data stolen" published April 27, 2006 at 2:54 AM is no longer available on CNET News.

Content from Reuters expires after 30 days.

[jhencken]

Employees are carrying around personal medical insurance data???

Why on earth was there personal data on a laptop, anyway? It should have been on a server accessed by the employee's laptop using a secure connection. If Aetna is so stupid about security, I'm surprised more breaches haven't occurred already!

[kimedou]

data stealing

Am I the only one that is concerned about all the information
being stolen that pertains to the military, NAF and government?
How can we expect to be safe when the people who protect us and
represent us aren't even protected?
No one should have customers personal info on a laptop!

[kimedou]

data stealing

Am I the only one that is concerned about all the information
being stolen that pertains to the military, NAF and government?
How can we expect to be safe when the people who protect us and
represent us aren't even protected?
No one should have customers personal info on a laptop!

[kimedou]

data stealing

Am I the only one that is concerned about all the information
being stolen that pertains to the military, NAF and government?
How can we expect to be safe when the people who protect us and
represent us aren't even protected?
No one should have customers personal info on a laptop!

[kimedou]

data stealing

Am I the only one that is concerned about all the information
being stolen that pertains to the military, NAF and government?
How can we expect to be safe when the people who protect us and
represent us aren't even protected?
No one should have customers personal info on a laptop!

[kimedou]

data stealing

Am I the only one that is concerned about all the information
being stolen that pertains to the military, NAF and government?
How can we expect to be safe when the people who protect us and
represent us aren't even protected?
No one should have customers personal info on a laptop!

[ragjunk]

Why aren't the laptops encrypted?

First of all, it shows the stupidity of a company where the employees travel around with laptops containing sensitive information. This is, even after the recent news about laptops being stolen at other places. Even more stupidity is the fact that the information is not encrypted. These companies show absolutely no respect for the customer privacy and I hope, someone takes a serious action against them for their negligance.

[marileev]

Security-Consumers must Demand it

There have been a plethora of these stories in the news from Fidelity to HP. Government mandates like HIPAA, SEC 17-a (record retention) nor Sarbanes-Oxley (sections 802 Document Integrity and 1102 Document Tampering) seem to be enough to dissuade companies from protecting consumer, client or patient information.

The software to encrypt records on laptops does exist, for example Essential Taceo (<a class="jive-link-external" href="http://www.gettaceo.com" target="_newWindow">http://www.gettaceo.com</a>) has Remote Laptop Security. If a user's laptop or computer is stolen, the user can log-in to their account from another computer and remotely deny access to all files secured with Taceo that are stored on their laptop or computer - <a class="jive-link-external" href="http://www.essentialsecurity.com/pressroom/press_releases/pr_taceo16.htm" target="_newWindow">http://www.essentialsecurity.com/pressroom/press_releases/pr_taceo16.htm</a>

--Marilee V.

[heystoopid]

The old story

The same old story, of the inept, the incompetent and the stupid who work for corporations, where the word security is neither in the company's manual or lexicon!, or any other level from the top down!

Pay peanuts, get lots of yes monkeys instead!

[Stating]

Memory Sticks And CDRW

The amount of sensitive data that is lost is probably understated by a factor of 10. How many worker bees are taking home Excel files, Word docs, or Access databases that contain sensitive data on memory sticks and CDs. Or even mailing docs to themselves at their Yahoo/MSN email account.

On the demand side, those 10-12 million illegal aliens who aren't in jail are out on the streets working. They all have social security numbers. Hillary, Jessie, and Georgie Porgie don't care where they got the fake numbers from, but they didn't come from the local 7-11 or Walmart. Nope, at least some of them got them from card sellers who paid sources to get them fresh numbers.

It seems to me that the only way out of this pickle is to require biometric data to prove that you say you are who you are. The SSN can then be printed in phone books for all I care.

[backgroundnoise]

Aetna has offered to pay...

"Aetna has offered to pay for credit monitoring services for the affected members to help prevent potential misuse of the information."

Shouldn't this line instead read:

Aetna has offered to pay 30% of the credit monitoring services, with the member covering the cost of the remaining 70% to help prevent potential misuse of the information.

[ksteadman]

Whole Disk Encryption Needed

A recent study by The Ponemon Institute suggests that companies that have a loss or theft of personal information requiring notification do incur significant direct and indirect expenses. The most salient costs result from the diminishment of confidence and trust in the company, which translates into abnormal or unexpected customer turnover. The research is encouraging to those who believe the proposition that good privacy and security practices have a positive return on investment.

PGP Whole Disk Encryption for Enterprises allows organizations to address compliance and risk mitigation by encrypting files with centrally managed full disk encryption. All files on protected drives are encrypted, including temporary, swap, and system files.

Visit www.pgp.com for more info.

Kristopher Steadman
PGP Corporation
ksteadman@pgp.com

[truffolo]

Laptop Data Security Using Encryption

Most companies that have a high concern about either regulations, asset (brand) protection, lost business or loss of key information are now encrypting their laptops with Whole Disk Encryption products like Utimaco's SafeGuard Easy. By combining encryption with 2 factor authentication tokens, you have very secure laptops and guaranty that the laptops are being used by the intented users.

Tom Ruffolo
truffolo@esecuritytogo.com
www.eSecurityToGo.com