When the government agency tasked to protect consumers from identity theft and one of the world's three major credit agencies are both hit with thefts of laptops containing sensitive personal data, it's a sign of a real epidemic in consumer security.
The Federal Trade Commission (FTC) reported on June 22nd that two laptops containing information on 110 people were stolen from a locked vehicle.
The laptops contained information about individuals involved in FTC cases and enforcement actions, and included names, addresses, Social Security numbers, and personal financial information.
According to an FTC press statement, the laptops were password-protected, and the agency believed the data was not the target of the theft. The FTC provided no clarification as to why they believed this, the location of the theft, or why the data was on the laptops.
Equifax reported on June 20th that a laptop containing information on 2,500 of Equifax's American employees -- nearly half of its entire workforce -- was stolen from an employee while he was traveling on a commuter train in London on May 29th.
The laptop contained names and Social Security numbers of the employees, although Equifax spokesperson David Rubinger claimed the data was "streamed together," which would make the information harder to decipher.
Rubinger did not specify whether the laptop was encrypted or password-protected.
The unidentified employee was authorized to have the data, Rubinger said, but not to store it on his laptop. The employee was disciplined, but Rubinger did not provide any more specifics.
Same Old Song And Dance
Both the FTC and Equifax cases are eerily reminiscent of previous laptop thefts or disappearances in almost every detail.
In February, an auditor from financial firm Deloitte and Touche left a laptop containing data on 9,000 current and former employees of the McAfee security firm in an airplane seat pocket.
And many laptops have mysteriously disappeared from locked vehicles in recent months, including those belonging to Ameriprise and Hotels.com.
As in virtually all cases of data theft over the last twelve months, the common response for even security companies has been to offer a year of free credit monitoring and fraud alerts on a victim's report, and a perfunctory letter explaining the loss in vague terms.
One observer was particularly incensed at the fact that the FTC was so careless with consumer data, given its mandate to protect Americans from fraud and identity theft.
Discussing the article at CNet.com, the reader said "The irony that the Federal Trade Commission was the one to lose a machine! Are these government bodies actually paying attention to any ... compliance and privacy legislation?"
Others found nothing unusual in the latest incidents.
"It never ceases to amaze me that Americans are surprised by each new piece of evidence of their government's total ineptitude," said one longtime Washington observer not involved in any of the data losses. "Roughly the last time this slothful bunch did anything right was the Revolutionary War."
