Over the years many things have happened at McDonalds restaurants.  Billions of people have been served.  New techniques and policies for getting food to the consumer quickly have been produced.  Ronald McDonald and company have entertained millions of children while Grimace has caused a few to freak out a bit.  This, however, is the first time that sitting at McDonalds having a bit to eat has caused a data breach.  The interesting thing is that the breach did not even impact McDonalds, but rather Delphi.  An employee had a flash drive stolen out of her laptop while she was eating lunch at the restaurant.

The theft took place in Lebanon and impacted 2,600 former employees who had worked for Delphi in the Columbus, Ohio area.  The flash drive contained names, addresses, telephone numbers, but most alarmingly, social security numbers.  This is the exact type of information that an identity thief needs in order to create financial havoc on an unsuspecting victim.  Delphi acted quickly, according to spokeswoman Helen Jones-Kelley, in alerting the affected employees.  Letters were sent out to the individuals letting them know what had happened and that their private data had left the security of the company.

The media was not provided with a copy of a letter.  It was interesting that Jones-Kelley did not mention any credit monitoring that would be provided free by the company.  In many instances when a company loses the personal data of current or former employees they provide a year of monitoring services.  Since Delphi does not appear to be doing that in this case, an option that the 2,600 people might want to consider is enrolling in an ID theft subscription service.  One of the best companies that provides this service is Lifelock.  This company has connections with all three major credit bureaus, Trans Union, Equifax, and Experian, and monitors whenever a new application comes through.  This application is commonly a new credit card or loan form.  Lifelock contacts its customer to see whether or not the application is legitimate.  If it is a fraudulent claim, it is stopped from processing which effectively limits the possibility of identity theft.

At this point, there has been no information released about how the data was protected on the flash drive.  The fact that Jones-Kelley did not mention any password protection or data encryption is a discouraging sign.  She did note that the employee had violated company policy by walking away from the laptop and not making sure that it was secure before she left.  The unnamed employee faces a litany of punishments which might conclude with her termination from the company.  The data breach should cause the company to reconsider its computer policies and determine whether or not people should be allowed to take personal information outside of the main office where the likelihood of data breaches rises significantly.

Tags: Delphi, lifelock, McDonalds

This entry was posted on Saturday, August 30th, 2008 at 12:26 pm and is filed under Corporate Breaches, Government Breaches, Individuals. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.