February 23, 2006 10:46 AM PST

Auditor loses McAfee employee data

An external auditor lost a CD with information on thousands of current and former McAfee employees, putting them at risk of identity fraud.

The disc was lost on Dec. 15 by Deloitte & Touche USA, McAfee spokeswoman Siobhan MacDermott said Thursday. The Santa Clara, Calif.-based security software company was first notified on Jan. 11, and on Jan. 30, it received particulars of the data that may have been on the CD, MacDermott said.

The disc contained personal details on all current U.S. and Canadian McAfee workers hired prior to April 2005 and on about 6,000 former employees in the same region, MacDermott said. (The security company currently has approximately 3,290 employees worldwide.) The information wasn't encrypted and potentially includes names, Social Security numbers and stock holdings in McAfee.

"We notified our current and former employees last week and the week before," MacDermott said. "We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit monitoring services."

Deloitte & Touche confirmed the incident. "A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket," a representative for the professional services firm said. "We are not aware of any unauthorized access to this data in the two months since the CD was lost."

The McAfee incident is the latest in a string of data security breaches. In the last 12 months, more than 53 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

McAfee has arranged for past and present U.S. employees to receive free services for up to two years from credit reporting agency Equifax. Similar arrangements are being made with a credit monitoring provider for Canadian employees, MacDermott said.

Deloitte & Touche USA is a multibillion-dollar professional services firm that provides audit, tax, consulting and financial services.

See more CNET content tagged:
auditor, McAfee Inc., identity fraud, professional services, worker

13 comments

Join the conversation!
Add your comment
That's ironic
Don't you think? A little too ironic, I really do think.
Posted by (16 comments )
Reply Link Flag
Slackers!
What a bunch of slackers, but watch how the State Attorney General under Arnie S! takes no criminal action proceedings, against these incompetents!

Yet, we have been told they are here, to serve and protect! Yeah, only when suits them!

Slackers all! is the polite description!!!!!!
Posted by heystoopid (691 comments )
Reply Link Flag
Competitor??
So Ian - either you work for a competitor, or you used to.... but hey, no jealousy in your statement is there...
Posted by IngenFelix (1 comment )
Link Flag
Government Intrusion?
I'm not sure you want government intrusion unless you advocate socialism and want the government involved with EVERY aspect of your life!
(And Arnie sure is making a great governator, isn't he?)
Posted by kquickkquick (21 comments )
Link Flag
Ummm
With more such incidents on the rise, (lost user data, spamming, phishing, hacking) is it ever possible to secure data?
Let's see where my mindless rambling takes us.

Consider a few possible scenarios. Which one of the below methods is the most secure?

a. CD format for use as online storage tends to be hacked in some ways.
b. Central point of storage to prevent lost information and easy user access.
c. Obtain details through phone or other means and then store it in a central server which is not accessible through the net, only secure access on the LAN.
d. No user data required. Why store it in the first place? Let the customer carry a smart card or identifier with him containing all user data including balances and account information. The update or changes could be made to the identifier or smart card itself. The company only maintains the net accounting information applicable to them. (The identifiers would need to be changed annually to prevent duplication.)

Aha! Now you see what I was hinting!

Why should I entrust some careless joker with my information when I should be responsible for it?

Any suggestions?
Posted by Shoppingkart (8 comments )
Reply Link Flag
Ahem!
Before someone jumps the gun, my previous message was for banking, not McAfee audits! ;)
Posted by Shoppingkart (8 comments )
Link Flag
I don't know about PCs, but
on a Mac, you can use Disk Utility (Applications:Utilities:Disk Utility)
to create a disk image with 128 bit AES encryption. You can then
burn the image to a cd/dvd, so if you lose the disk, the data is still
fairly secure. Windows people keep telling me there's more
software for the PC, but is that just games? Can't you find a way to
do this in Windows?
Posted by Macsaresafer (802 comments )
Reply Link Flag
Encryption
There has always been 128 bit encryption for PCs just before the release of Win2K. In fact if you see it's 256 bit for some enterprises. But 'fairly' is what we get regardless of a Mac or a PC! I am talking about security without operating systems. ;)
Posted by Shoppingkart (8 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.