Symantec to Employees: You’re Fired! And We are Giving Your Personal Information to Criminals

It sucks to get fired.  After the initial shock, you have to scramble to make ends meet, work with creditors to delay or restructure payments, and you have to live off of savings.  But Symantec twisted the dagger in the backs of about 100 former employees by allowing their personally identifiable information (PII) to fall into the hands of criminals.  So in addition to being on their ass and on the street, there is a real risk of those employees having their identities stolen, and their credit ruined, and their bank accounts drained.  All because a security company, that is an expert in encryption and privacy protection, failed to apply their own policies to their systems.

From Computerworld here:

Technology vendors Hewlett-Packard Co. and Symantec Corp. are warning employees that their names and Social Security numbers have recently fallen into criminal hands after two separate laptop thefts.

HP said today that at least several thousand employee records were contained on a laptop that was stolen several months ago from an HP employee based in the Houston area. The laptop contained names and Social Security numbers of current and former employees.

The Symantec breach occurred on Oct. 18 and affected fewer than 100 employees who were being laid off as part of a restructuring of the company’s IT operations. “Somebody who was working on the project took their computer home with them,” said Cris Paden, a Symantec spokesman. “Burglars came in and stole a bunch of items in the house.”

Symantec has nearly completed the process of encrypting all corporate laptops, Paden added.

Still, it’s embarrassing for two companies that sell products designed to protect data to have to report data leaks themselves, said Gartner analyst Avivah Litan. “There’s really no excuse,” she said.

So HP gave away thousands of PII records to criminals.  So why do I focus mainly on Symantec here?  Because HP is the mother corporation of EDS.  And Symantec fired those employees before they outsourced its IT operations to EDS.  Seems like a merger of like-minded people.  And when Symantec claims that they are “nearly completed” the process of encrypting their laptops, does that really mean 75% finished?  50%?