VeriSign Stung by Laptop Theft

By Greg McNevin

August 7, 2007: Web security specialist Verisign, known for digital certificate services, has been left red faced and one employee short in the wake of a laptop theft that potentially exposed its worker’s personal details.

Stolen from a car parked in a Californian garage in July, the theft has seen the employee responsible “leave” the company while VeriSign has launched into damage control, offering affected employees a year of free credit monitoring.

Contrary to company policy, the data on the laptop was not encrypted, raising fears that the theft has exposed the names, Social Security numbers, dates of birth, telephone numbers, home addresses and pay information of an unknown number of Verisign employees.

In a written response to workers aired by the Wizbang blog on Friday, the company claimed that it is taking the theft very seriously and is reviewing its security procedures to prevent future human errors of this type.

“We have no reason to believe that the thief or thieves acted with the intent to extract and use this information. The local police have said the theft may be tied to a series of neighborhood burglaries. We disabled any access by the employee’s computer to the VeriSign network,” said the firm in the statement.

VeriSign adds that the laptop was shut down and requires a username and password to boot up Windows, so as long as the thieves do not have the password or low-level data retrieval skills the data could remain safe.

While laptop thefts and the subsequent potential data breaches are becoming alarmingly common, it is particularly embarrassing for a prominent security firm such as VeriSign to be stung in this manner. It just goes to show, no company is safe from human error.

Comment on this story