Here we go again…. another seemingly avoidable data theft.
A Minnetonka-based employee of Famous Dave’s left some baggage in the car of a companion, including a work-related laptop computer containing a report with unencrypted employee information. As Famous Dave’s reported to the New Hampshire Attorney General’s Office by letter on April 16, the laptop was part of what was stolen from the car on March 21. The theft was reported to the police promptly.
An internal investigation to determine what information was on the laptop indicated that it contained names and Social Security numbers for employees who worked for the company on or after November 1, 2009 and a few who left the employment of the company in 2008 and before November 1, 2009. The report contained personal information for 2 residents of New Hampshire as well as former employees of the North Country group of restaurants located in the following New Jersey and New York locations: Brick Township, Hamilton (Mays Landing), Metuchen, Mountainside, New Brunswick, Smithtown, and Westbury. The total number of employees affected by the breach was not reported.
The company offered its employees free credit monitoring services.
The firm’s letter to the Attorney General did not indicate whether the employee had violated company policy by having unencrypted data on a laptop and/or by leaving the laptop in an unattended vehicle. Which brings me to another pesky point: should a company be allowed to claim that they have all kinds of safeguards in place but that they can’t guarantee protection against criminal conduct if the data were not even encrypted and had been left in a car?
I don’t know what the situation was with this case, but I’m getting tired of seeing claims of rigorous safeguards when a laptop with unencrypted personal or financial information is stolen from an unattended vehicle, aren’t you? I called Famous Dave’s to inquire as to whether the employee had complied with existing policies, but have not received a return call as of the time of this publication.
Update 1: This breach was reported to the NYS Consumer Protection Board on April 19, according to their log. At the time, Famous Dave’s indicated that 702 NYS residents were affected.
Update 2: This breach was reported to Maryland on April 16, and the report indicates that 695 Maryland residents were affected.