A laptop housing the personal information of current and former VeriSign employees has been stolen, exposing them to potential identity fraud.
It is not known how many identities were exposed when the laptop was stolen from the car of a former employee last month. The company, whose product line includes security services and tools, said there's no indication of fraudulent activity thus far.
The vendor said it is taking the theft "very seriously" and that it started an investigation the moment the theft was discovered.
"The local police have said the theft may be tied to a series of neighborhood burglaries. We disabled any access by the employee's computer to the VeriSign network," VeriSign said in a public statement.
The company said the car was burglarised while parked in the employee's Northern California garage between the evening of Thursday, July 12, 2007 and the morning of Friday, July 13, 2007. The laptop may have contained such personal information as names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses. But it did not include credit card numbers, bank account numbers, or password information, nor did it contain any information on VeriSign customers, the company said. The vendor also noted that the employee responsible for the laptop has since left the company.
"We are contacting all individuals whose personal information may have been on the stolen laptop," the company statement continued. "We have no reason to believe that the thief or thieves acted with the intent to extract and use this information; the police have indicated that there may be a connection to a series of petty thefts in the neighbourhood. The laptop was fully shut down and requires a username and password to log on to the Windows application. To our knowledge, the thieves do not have the password."
The incident may be especially embarrassing to VeriSign since it is known, among other things, for its security offerings. The company bills itself as the leading secure sockets layer (SSL) certificate authority enabling secure e-commerce and communications for Web sites, intranets, and extranets. It also owns the iDefense Security Intelligence Service.
The theft or loss of laptops with sensitive data has become all to common in the past year. The most notorious case involved the theft of a laptop and external hard drive containing personally identifiable information on 26.5 million veterans and active-duty military personnel.
The VA laptop was found approximately a month later and law enforcement officials believe that none of the sensitive data was even accessed by the thief. However, the VA's handling of the incident and slow response led to an internal investigation that resulted in a scathing report from the department's Office of the Inspector General.