ICANN/GNSO GNSO Email List Archives

[ga]

<<< Chronological Index >>>    <<< Thread Index >>>

[ga] VeriSign Employee Data on Stolen Laptop. Is customer and/or registrant data next?

  • To: General Assembly of the DNSO <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] VeriSign Employee Data on Stolen Laptop. Is customer and/or registrant data next?
  • From: Jeff Williams <jwkckid1@xxxxxxxxxxxxx>
  • Date: Tue, 07 Aug 2007 22:55:38 -0700
  • Organization: INEGroup Spokesman
  • Sender: owner-ga@xxxxxxxxxxxxxx
All,

  Seems Verisign in this instance didn't have proper enforcement of
it's own internal policies.  Makes one wonder if it can or does enforce
adequately any policy, internal or external.

  As I am a self admitted fan of Verisign, I was saddened and somewhat
shocked to receive this very concerning news.  If this can happen once
it can happen again.  Seems to me Verisign needs to tighten up it's
own security procedures before preaching to others what is and
is not good security procedures.  Here's a hint for them: NO employee
leaves his or her workplace with a company laptop or portable storage
media of any type that is not his or her own property and NO company
laptop
contain ANY employee or customer data what so ever.

See:
http://www.theregister.co.uk/2007/08/06/verisign_laptop_theft/print.html

and
 http://wizbangblog.com/content/2007/08/02/laptop-theft-leaves-verisign-employees-data-exposed.php

A laptop computer stolen from a VeriSign employee's car holds
personally identifiable information of an unspecified number of
company employees.  Although company policy requires that such
information on laptops be encrypted, these data were not.  The data
include names, addresses, birth dates, salary information and Social
Security numbers (SSNs).  VeriSign has disabled the stolen laptop's
access to the company computer network, and the employee from whose
car the computer was stolen no longer works at VeriSign.  The computer
was stolen on July 12 or 13; notification letters sent to employees
were dated July 25.

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827
<<< Chronological Index >>>    <<< Thread Index >>>