By Todd Weiss
July 27, 2006
Two laptops used by U.S. Navy recruiters in New Jersey have been missing
since early June, potentially exposing personal data on about 31,000
recruiters and prospective recruits. In an unrelated incident, a laptop
with personal information on 12,000 employees of Armstrong World
Industries Inc. was recently stolen from a locked vehicle.
In the Navy case, the two machines were stolen from Navy Recruiting
Station offices in Trenton and Jersey City, according to the Navy.
"These laptops and several programs on them were password protected on
multiple levels and the likelihood of unauthorized access to the personal
data is extremely low," the Navy said in a statement.
"However, the Navy is reviewing the data contained in the computers,
including personal information on approximately 31,000 individuals."
About 4,000 Social Security numbers were included in the data on the
laptops. The Navy is in the process of notifying potentially affected
individuals by mail.
The laptop in Trenton was reported stolen from the recruiting station in
early June, while the one in Jersey City was reported missing earlier this
"The Navy is taking a number of measures to better ensure personal
information security," the statement said. "In the near term, the Navy
sent a message to its commands to comprehensively review all procedures to
better ensure personal information is safeguarded."
Lt. Bashon Mann, a Navy spokesman, said today that there is no evidence
that any of the data has been used illegally so far. The incidents are
being investigated by local police and by the Navy Criminal Investigative
Service, he said.
As for the Armstrong incident, a laptop with personal information on about
12,000 current and former U.S. employees of the flooring and ceiling tile
maker was stolen recently from a locked car owned by a third-party payroll
In a letter sent last week to the 12,000 affected workers of the
Lancaster, Pa.-based company, F. Nicholas Grasberger III, senior vice
president and chief financial officer, said the laptop was stolen from a
car owned by an employee of Deloitte & Touche LLP. That firm conducts
regular internal audits of Armstrong's corporate policies and procedures.
A police report was filed, but the stolen laptop has not been recovered,
Grasberger said in the letter. He did not not specify where or when the
theft occurred. "While access to the personal information was password
protected, the files were not encrypted, which would have provided a
higher level of security," he wrote.
The personal information at risk includes names, home addresses, home
phone numbers, employee identification numbers, Social Security numbers
and annual salaries and hourly rates of pay, according to the company.
Armstrong is "not aware of any unauthorized access to or misuse of this
personal information" so far, Grasberger.
Dorothy Brown Smith, a spokeswoman for Armstrong, said the company would
have no further comment on the matter.
Armstrong is providing free credit monitoring for up to two years for the
affected employees and has provided a toll-free telephone number for
employees to get more information about protecting their identities.
"We sincerely apologize for this incident and its associated risk,"
Grasberger wrote in his letter. "Deloitte & Touche has assured Armstrong
that it has established additional safeguards to better secure personal
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.