VeriSign employee data exposed in laptop theft

A laptop housing the personal information of current and former VeriSign employees has been stolen, exposing them to potential identity fraud.

The local police have said the theft may be tied to a series of neighborhood burglaries. VeriSign,

It is not known how many identities were exposed when the laptop was stolen from the car of a former employee last month. The company, whose product line includes security services and tools, said there's no indication of fraudulent activity thus far.

The vendor said it is taking the theft "very seriously" and that it started an investigation the moment the theft was discovered.

"The local police have said the theft may be tied to a series of neighborhood burglaries. We disabled any access by the employee's computer to the VeriSign network," VeriSign said in a public statement.

Laptop security: Laptop theft affects 160,000 Neiman Marcus employees: A laptop, stolen from a consultant, contained sensitive data of about 160,000 current and former Neiman Marcus employees. How can I protect the sensitive information that resides on my laptop? Learn how to safeguard data that resides in your laptop in this Network Security Ask the Expert Q&A. Encryption planning can reap benefits Study: Office likely location for laptop lifts: A study by Credant Technologies found the office to be the most common place for a laptop to be stolen, despite physical security measures

The company said the car was burglarised while parked in the employee's Northern California garage between the evening of Thursday, July 12, 2007 and the morning of Friday, July 13, 2007. The laptop may have contained such personal information as names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses. But it did not include credit card numbers, bank account numbers, or password information, nor did it contain any information on VeriSign customers, the company said. The vendor also noted that the employee responsible for the laptop has since left the company.

"We are contacting all individuals whose personal information may have been on the stolen laptop," the company statement continued. "We have no reason to believe that the thief or thieves acted with the intent to extract and use this information; the police have indicated that there may be a connection to a series of petty thefts in the neighbourhood. The laptop was fully shut down and requires a username and password to log on to the Windows application. To our knowledge, the thieves do not have the password."

The incident may be especially embarrassing to VeriSign since it is known, among other things, for its security offerings. The company bills itself as the leading secure sockets layer (SSL) certificate authority enabling secure e-commerce and communications for Web sites, intranets, and extranets. It also owns the iDefense Security Intelligence Service.

The  theft or loss of laptops with sensitive data has become all to common in the past year. The most notorious case involved the theft of a laptop and external hard drive containing personally identifiable information on 26.5 million veterans and active-duty military personnel.

The VA laptop was found approximately a month later and law enforcement officials believe that none of the sensitive data was even accessed by the thief. However, the VA's handling of the incident and slow response led to an internal investigation that resulted in a scathing report from the department's Office of the Inspector General.