So, I got a letter from my employer last Friday. It made me nervous, as I don’t normally get correspondence from them unless it’s payday or we’re ready to do the annual insurance crap. I thought for a moment that I had been laid off and it was my severance notice. I held the envelope up to the kitchen light to see if there was any collateral inside, like a brochure or something. I grew tired of being paranoid, and tore the top of the letter off.
Corporation X recognizes the importance of safeguarding its personnel information. To that end, Corporation X has implemented administrative, technical and physical safeguards for that information. Even the most rigorous safeguards, however, can not guarantee protection against criminal conduct.
Our Company recently was victimized by such conduct, and we regret to have to say that this criminal conduct might have a direct impact on you. On August 9, 2007, a thief broke into the car of a Corporation X employee and stole the employee’s briefcase. The briefcase contained a laptop computer used by the employee for work ….
We have recently determined that the laptop contained a spreadsheet with the first and last name and Social Security Number (SSN) of Corporation X employees, including yours.
The letter goes on to state how my employer has donated a year’s worth of credit monitoring for me, but really, who gives a shit? What I want to know is who thought it was a fucking good idea to make a spreadsheet of SSNs, put it on a laptop, and then leave it in their fucking car unattended? I want to know who that person is, they need to get fired and punched in the face twice by everyone on that spreadsheet. What the fuck did they need it for, anyway? I hardly think “leaving a laptop with sensitive information in a car” is a very good technical or physical safeguard.
My fear is not that something will happen in a year’s time, but much later, perhaps after I’ve forgotten about it, or am ready to buy a new home years and years from now. Some jacktard probably sold my SSN on the Internet to a bunch of Russian software pirates, who in turn have sold it to Teh Terrorists™. Motherfucker. I need to kick someone in the babymaker right now.
Aaagh! Now I want to go home and look at the mail from my employer, which I had thrown unopened into the paychecks/bank balance pile.
What I want to know is, was it some individual HR person’s messup (in which case, I’m not against your proposal), or was it because of some HR practice … exporting data from a DB into a spreadsheet? If so, for what purpose?
This is pretty common occurence actually. I run across it a lot actually.
Use the monitoring, and make sure you check your credit once a quarter.
I also got one of these lovely letters from Corporation X and I haven’t worked there for two years. I’d be curious to know what the business function that spreadsheet performed if I was still in it.
There’s no valid reason for them to use a SSN as a foreign key short of actually dealing with the Feds, it’s just laziness.
Someone should be terminated for this, whether it’s the HR drone who can’t be trusted with a laptop, or the numb-nuts in the IT department that can’t manage data security.
Having been the victim of identity theft, a year of credit monitoring is bullshit. They should have a team of lawyers ready to do all the fucking paperwork that will haunt you for up to at least three years.
Fuckers.