http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002056 

By Todd Weiss
Computerworld
July 27, 2006

Two laptops used by U.S. Navy recruiters in New Jersey have been missing 
since early June, potentially exposing personal data on about 31,000 
recruiters and prospective recruits. In an unrelated incident, a laptop 
with personal information on 12,000 employees of Armstrong World 
Industries Inc. was recently stolen from a locked vehicle.

In the Navy case, the two machines were stolen from Navy Recruiting 
Station offices in Trenton and Jersey City, according to the Navy.  
"These laptops and several programs on them were password protected on 
multiple levels and the likelihood of unauthorized access to the personal 
data is extremely low," the Navy said in a statement.

"However, the Navy is reviewing the data contained in the computers, 
including personal information on approximately 31,000 individuals."  
About 4,000 Social Security numbers were included in the data on the 
laptops. The Navy is in the process of notifying potentially affected 
individuals by mail.

The laptop in Trenton was reported stolen from the recruiting station in 
early June, while the one in Jersey City was reported missing earlier this 
month.

"The Navy is taking a number of measures to better ensure personal 
information security," the statement said. "In the near term, the Navy 
sent a message to its commands to comprehensively review all procedures to 
better ensure personal information is safeguarded."

Lt. Bashon Mann, a Navy spokesman, said today that there is no evidence 
that any of the data has been used illegally so far. The incidents are 
being investigated by local police and by the Navy Criminal Investigative 
Service, he said.

As for the Armstrong incident, a laptop with personal information on about 
12,000 current and former U.S. employees of the flooring and ceiling tile 
maker was stolen recently from a locked car owned by a third-party payroll 
auditor.

In a letter sent last week to the 12,000 affected workers of the 
Lancaster, Pa.-based company, F. Nicholas Grasberger III, senior vice 
president and chief financial officer, said the laptop was stolen from a 
car owned by an employee of Deloitte & Touche LLP. That firm conducts 
regular internal audits of Armstrong's corporate policies and procedures.

A police report was filed, but the stolen laptop has not been recovered, 
Grasberger said in the letter. He did not not specify where or when the 
theft occurred. "While access to the personal information was password 
protected, the files were not encrypted, which would have provided a 
higher level of security," he wrote.

The personal information at risk includes names, home addresses, home 
phone numbers, employee identification numbers, Social Security numbers 
and annual salaries and hourly rates of pay, according to the company. 
Armstrong is "not aware of any unauthorized access to or misuse of this 
personal information" so far, Grasberger.

Dorothy Brown Smith, a spokeswoman for Armstrong, said the company would 
have no further comment on the matter.

Armstrong is providing free credit monitoring for up to two years for the 
affected employees and has provided a toll-free telephone number for 
employees to get more information about protecting their identities.

"We sincerely apologize for this incident and its associated risk,"  
Grasberger wrote in his letter. "Deloitte & Touche has assured Armstrong 
that it has established additional safeguards to better secure personal 
information."


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com