By JAMES WALLACE
December 14, 2006
The Boeing Co. said Thursday it has fired the employee whose laptop was
stolen with personal information about nearly 400,000 retired and
current company workers.
Files on the stolen computer contained salary information, Social
Security numbers, home addresses, phone numbers and birth dates.
A person with knowledge of the matter said the employee data was not
encrypted as company policy requires once it has been downloaded from a
Jim McNerney, Boeing's chairman, president and chief executive, said the
breach of company policy was so serious that some Boeing managers also
will be disciplined.
"This latest incident resulted from a clear violation of our
data-protection policy," McNerney said in an e-mail to all Boeing
"We have very strict and clear policies and procedures about how
employee information is handled," he wrote. "An employee, despite proper
training, failed to comply with those requirements and as a result is
being dismissed from the company."
McNerney said action will be taken against some Boeing managers.
"I also believe strongly that management must be held accountable when
repeated failures like this occur, so the employee's management chain
will be reprimanded."
Boeing has not identified the employee or where in the company the
person works. Nor has Boeing said where the laptop theft occurred. The
laptop was stolen earlier this month from the employee's car.
Even though the employee data was not encrypted, the laptop was turned
off. That means the person who stole the computer would not be able to
access the employee data without a password to open the computer once it
was turned on.
Boeing is notifying the estimated 382,000 workers, mostly retirees,
whose names were in the laptop. The company said it will pay for fraud
monitoring services for the past and current workers whose names and
personal information was in the laptop.
This is not the first time a Boeing laptop computer with sensitive
employee information has been lost or stolen. There have been at least
three such cases.
When a similar theft occurred last year, McNerney said, Boeing
implemented an "aggressive, multi-phased plan to better safeguard
"But the best policies, procedures, encryption software and
awareness-raising in the world can't force people to use them," he said.
"It's a matter of leadership and individual responsibility. Cutting
corners is never acceptable --especially when the trust of the whole
team is at stake."
McNerney said investigators do not believe the latest incident was aimed
at identity theft.
"Our investigations and security teams have been working hard with
law-enforcement officials to investigate this crime," he said. "Based on
what we know at this point, we believe this incident was the result of
petty theft, not an attempt at identity theft. However, as our
communications yesterday described, we have put in place a series of
actions that assumes the worst case. We are doing everything humanly
possible to recover the laptop and our data, and see that an incident
like this doesn't happen again."
McNerney said he had received many e-mails from Boeing employees about
the computer theft. They expressed "disappointment, frustration and
downright anger" about the incident.
"I am just as disappointed as you are about it," McNerney said in his
He said Boeing is taking the right steps to prevent the loss of
sensitive data from happening again.
"But to ensure that all Boeing-sensitive information is safe -- even in
the event of theft -- each and every one of us must actually follow the
policies and procedures and use the tools available to protect
information," he said.
Subscribe to InfoSec News