Why Is Boeing Storing Direct Deposit Info On A Laptop?

from the seems-like-an-important-question dept

Boeing has admitted that a laptop containing private info on 161,000 current and former employees was stolen recently. The data was basically all of the info necessary to do direct deposit of paychecks: names, birth dates, Social Security numbers and, yes, bank account info. The company points out that there's a good chance the thief just wanted the laptop to sell, and has no clue about the information on the machine. That's sort of missing the point, isn't it? The real question is why Boeing keeps such information, unencrypted, on an easily stolen laptop? The company also claims this isn't that worrisome because "the computer did not have sensitive company information stored on it." Of course, it would seem that the 161,000 people whose information is now at risk might disagree about just how "sensitive" the information on the laptop really is. The company's stance seems to be that the sensitive info on its employees isn't the company's sensitive info -- but that seems to show a stunning disregard for the fact that these employees are what make the company valuable.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Cap'n Jeff, 21 Nov 2005 @ 4:15am

    All too common...

    This is an all-too-common situation. I'm a Georgia Tech student, and woke up one morning to find a bright and cheery email from the dean of students admitting that computers containing my name, ssn, financial info, grades, etc. etc. had been stolen, but I shouldn't worry, because the thief was just going after the computer, not the data. I felt the same way...they missed the point. Your social security number isn't just something to hand out...I gave Georgia Tech my ssn because I had to, but given the size and prestige of the university, I trusted them with it. Looks like I was wrong.

    reply to this | link to this | view in chronology ]

    • identicon
      Thomas, 21 Nov 2005 @ 7:58am

      Re: All too common...

      Just so you know, your university is prohibited by federal law from REQUIRING you to provide your SSN as identification. You can give it to them voluntarialy, but you can also revoke your permission for them to use it at any time and they are required to assign you a randomly generated number for identification.
      Don't ever trust anyone who doesn't pay you with your SSN. Apparently you can't even trust the people who pay you, but no choice there.

      reply to this | link to this | view in chronology ]

    • identicon
      Antimatter, 21 Nov 2005 @ 9:20am

      Re: All too common...

      I remember that email = . Very comforting to know that you're info can be so easily stolen no matter who you're dealing with.

      reply to this | link to this | view in chronology ]

    • icon
      Ross C. "Bubba" Nicholson (profile), 21 Nov 2005 @ 10:07am

      Re: All too common...

      Funny, this was essentially my experience 20 years ago. The more things change, the more they remain the same.

      reply to this | link to this | view in chronology ]

  • identicon
    Jason, 21 Nov 2005 @ 5:53am

    boeing doesnt care about its employees

    I sem to recall that after boeing moved its HQ from the puget sound and laying off thousands (effectively kicking a region already in recession after 911 whilst it was down on the ground bleeding already) an on air personality asked the new CEO if he'd be willing to take a pay cut in order to help the supposedly ailing corporation..after stammering a bit he declined to do so. Ask those thousands of ex employees and millions of puget sound residents faced with a weak job market flooded with new applicants if they think boeing gives a damn about its employees or for that matter a region that supported it for the better half of the last century. They just sold, combined, 17 billion dollars worth of plains to our freinds in china and the united arab emirates, so good for them!

    reply to this | link to this | view in chronology ]

    • icon
      Douglas (profile), 21 Nov 2005 @ 9:17am

      Re: boeing doesnt care about its employees

      Actually Boeing is booming in the Puget Sound, now. The sales of the new jets are going great, and there is lots more hiring.

      There is also talk of doubling the number of assembly lines.

      Boeing's ups and downs have more to do with the international market then a percieved dislike of the employees.

      reply to this | link to this | view in chronology ]

    • identicon
      Douglas, 21 Nov 2005 @ 10:26am

      Re: boeing doesnt care about its employees

      Of course it cares. And clearly about it's engineers the most. As I understand it, the move of it's HQ to Chicago, was based on economics. Washington would not offer the incentives that were available elsewhere - it was financially responsible to do so. I do recall many, many layoffs associated with downsizing. A lower demand for commercial aircraft after 9/11, and cancellation of existing orders hit Boeing hard. I've also seen a hiring and ramp up when new orders and contracts were obtained, a key of future growth. Thats a business cycle and appropriate actions. Lets remember that 17 billion in orders isn't profit Jason, its got to be spent building the ordered Aircraft, paying the employees and investing in new technologies to make the A/C safter and more capable than the competition. (A European Corporation subsizized by at least four governments as you will recall). Is there profit in those orders? Of course. Only a small part of it, is the employee's profit. It's called profit sharing - the rest belongs to stockholders. That's called capitalism. You may wish to consider the profitability of real estate in the Ukraine or perhaps Bosnia. It would 'seem' to be a good match with your ideals. The move of its HQ to Chicago, was based on economics and the

      reply to this | link to this | view in chronology ]

  • identicon
    Me2, 21 Nov 2005 @ 6:00am

    Global Crossing (same thing)

    Global Crossing did the same thing about 4 years ago. Some nut job was given/bought a laptop with all the employees names/SS/birth date, etc. He then turned around and posted everyone's info to the net. GC warned their current empoyees about the breach but not the one's they had just let go. I wonder how long it's been gone and just what steps they have taken to help prevent additional damage....

    reply to this | link to this | view in chronology ]

  • identicon
    jszpila, 21 Nov 2005 @ 6:48am

    No Subject Given

    161,000 people is going to make for a hell of a class-action lawsuit.

    reply to this | link to this | view in chronology ]

    • identicon
      Justin, 21 Nov 2005 @ 7:02am

      161,000 more

      This reminds me of an incident involving two boys being killed by a railroad train. BNSF or Union Pacific, whoever the liner belonged to wouldn't accept fault, even with footage of it being their fault, a good lawsuit turned that around..

      How do you pay off 161,000 people who are now at risk for identity theft. Personally, I'm an enormous advocate of online shopping and such, however, two years ago I fell victim to identify theft, because of a stupid company.. How do you go back and make that up to a person?

      "Preventing is alot easier than repairing.."

      idiots...

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 21 Nov 2005 @ 7:37am

        Re: 161,000 more

        I know, I hate it when freight trains just come out of nowhere and run over me while I'm sleeping at home. If only there was some way to figure out WHERE trains might run! Like some sort of, I dunno, track or line in the ground so I could see, oh, a train might come through here, I shouldn't camp out here for the night. Damn corporations, they care about nothing but profits!

        reply to this | link to this | view in chronology ]

  • identicon
    lar3ry, 21 Nov 2005 @ 7:00am

    Old news

    This is not the sixties! The seventies were called the "me decade" for a reason... people started thinking about themselves and not the general good. It got progressively worse in the 80's (remember that radical idea called "trickle down economics" in giving tax cuts to the rich to somehow help the poor?) and 90's, and we're now seeing how it plays out now that a generation of people have lived with this philosophy.

    Companies no longer think of employees as assets, but as expenses that need to be minimized. It's hard to justify some low-level flunky's job to the board of directors, who find it easier to pay a college hire peanuts to do the same work. The people controlling the purse strings are only thinking about their own job and how the investors will panic when profits don't hit record levels in the next quarter.

    This is all short term thinking, and it's killing America.

    We are running record national deficits that our children and grandchildren are going to have to pay off (or perhaps we'll have to start selling some undesirable--blue--states to get the cash, huh?).

    The instant gratification that we get from this short term thinking will have people shaking their heads 20-30 years from now when they write their thesis papers at the Great University at Bangalore about how the great United States experiment failed.

    reply to this | link to this | view in chronology ]

    • identicon
      Mike, 21 Nov 2005 @ 8:23am

      Re: Old news

      "Companies no longer think of employees as assets, but as expenses that need to be minimized. It's hard to justify some low-level flunky's job to the board of directors, who find it easier to pay a college hire peanuts to do the same work.
      That has always been the case... Think about how it was before unions...
      "The people controlling the purse strings are only thinking about their own job and how the investors will panic when profits don't hit record levels in the next quarter."
      Corporations exist for the stockholders, not the employees... If corporations always did what was best for the employees, and not the stockholders then they would go bankrupt... (Unless the employees are the stockholders of course.) Sometimes that sucks, but socialism is worse.

      reply to this | link to this | view in chronology ]

      • identicon
        Geoff Howland, 21 Nov 2005 @ 11:27am

        Re: Old news: ...Sometimes that sucks, but sociali

        "Sometimes that sucks, but socialism is worse."

        How is socialism worse? Its just a truism in the US without any backing. There are plenty of socialist countries out there that also have pretty free markets, and are doing pretty well for themselves.

        Perhaps if the people who say things like "socialism is worse" would care to actually compare all the socialist countries they know of with ours, they would see that in fact socialism is better in some ways, by quite a bit, and it will of course be worse in other areas by quite a bit.

        The difference will be the audience. Who is this audience? Well, I assume youre not a billionaire, so American Captialism probably isnt working out in youre favor, predominantly. Other people have it better than you.

        But I guess with black and white thinking to solve all the problems, why bother trying to actually find better solutions? Any alternative solution is already worse...

        reply to this | link to this | view in chronology ]

        • identicon
          Sandman, 21 Nov 2005 @ 8:21pm

          Re: Old news: ...Sometimes that sucks, but sociali

          Wow, what color is the sky in your world??

          reply to this | link to this | view in chronology ]

        • identicon
          Mike, 22 Nov 2005 @ 7:27am

          Re: Old news: ...Sometimes that sucks, but sociali

          American Captialism is working great for me considering I am the first in my family to go to college and at the age of 25, I already make double what my parents make. Not to mention I also own my own company.... I actually enjoy EARNING what I make instead of begging for handouts and complaining about how all the rich people suck...

          reply to this | link to this | view in chronology ]

  • identicon
    Bob, 21 Nov 2005 @ 8:25am

    I smell a lawsuit coming

    Bad.

    The employees would obviously have a legitimate claim against the company if a class-action suit was filed, as the information they supplied to the company was contingent upon hiring. A reasonable judge would probably throw out any argument about 'info on its employees isn't the company's sensitive info'.. because the theft would affect their livelihood.

    Eventually, one company will go too far and be made the public whipping-boy of. It will be interesting to see if that company this time will be Boeing or not. I imagine once the laptop is recovered we'll see what happens in the news.

    And we wonder why identity theft is the top crime in America today.

    reply to this | link to this | view in chronology ]

  • identicon
    not needed, 21 Nov 2005 @ 8:27am

    Boeing and Human Capital Managment

    Boeings' payroll system is called Human Capital Management. Let that sink in for awhile. Additionally, most large ERP systems, like the one Boeing probably uses do not need to create a desktop based file to transmit Direct Deposit information. I can not think of a reason why payroll data (Name, SSN, banking info, etc) would need to go onto a laptop with the expection of fraud. When my firm implemented the same ERP system Boeing now uses, there is no way a contractor would have been allowed access to a DDP feed.

    reply to this | link to this | view in chronology ]

  • identicon
    Si, 21 Nov 2005 @ 8:50am

    Stolen User data

    A company that I have worked for "lost" sensitive data. Luckily this company still valued its employees and gave all of us a free 1 year subscription to a credit watch (one of the big three) so that we could access multiple credit reports and receive an email when ANYTHING changed on our credit report.

    Guess it's time that all companies be required under federal statue to do the same. That or there must be a federal statute that requires that credit reporting agencies (who make all of their profit form our data) to allow consumers to shut off all activity on their reports except when THE CONSUMER wants to add or delete. This would give the consumer the power to defeat would be identity thieves (no activity allow, no risk).

    reply to this | link to this | view in chronology ]

    • identicon
      The Other Mike, 21 Nov 2005 @ 9:30am

      Re: Stolen User data

      There has been a push for the ability to freeze your credit except by your consent in Congress. It was effectively killed by the credit reporting agencies and major companies because you can no longer get that person to do impulse buys (the basis of more than a few companies).

      Want it to change? Write your senator and reps or get your state level politicians to implement it. California has some ate up things in their politics but I recall hearing they have something about this on the books.

      reply to this | link to this | view in chronology ]

  • identicon
    Joe Smetona, 21 Nov 2005 @ 9:49am

    Encryption Technology available for free.

    There is a free encryption program available to anyone. It's available for download at:

    http://www.cypherix.com/cryptainerle/

    It's a great program. Very simple to set up and use and it uses 128-bit encryption.

    Here's the description text from their website:

    "Secure your data and ensure absolute privacy with Cypherix's powerful encryption software, Cryptainer LE. It's powerful 128 bit encryption, creates multiple 25 MB encrypted containers (vaults) on your hard disk. These encrypted vaults can be loaded and unloaded when needed. You can view, modify and hide all types of files with a single password.

    Phenomenally easy to use, Cryptainer LE's encryption works with all 32 bit versions of Microsoft Windows (95/98/ME/2000/XP/2003 Server) and with all known file types. Cryptainer allows you to password protect and secure any file or folder on any media, including removable drives (Flash Drives, CD ROM's etc.)

    Cryptainer can be installed directly on a USB / removable drive as a "stand alone" install. One can carry this installation of Cryptainer ('Cryptainer Mobile') to different machines without having to install Cryptainer on the host machine.

    You can protect your files and folders and ensure total privacy with Cryptainer LE. Simply drag and drop the files and folders you want to hide and voilą! Your files are hidden! With Cryptainer LE you can hide the very existence of your confidential files and folders.

    Additionally, Cryptainer LE allows you to send encrypted email files. The recipient need not even have a copy of Cryptainer LE installed to decrypt the files.

    Click here to download a FREE, fully functional copy of Cryptainer LE"

    reply to this | link to this | view in chronology ]

    • identicon
      Charlie, 21 Nov 2005 @ 12:27pm

      Re: Encryption Technology available for free.

      Encryption can be implemented poorly. I would prefer TruCrypt, which is open source. I keep a partial copy of my employers database with credit card number (encrypted in the DB itself, and I don't keep that key) on my system. Since I consider the rest of the data sensitive (names, billing addresses, etc.) I use TruCrypt. Before that was availible, we didn't have the ability to develop and test disconnected from the DB.

      reply to this | link to this | view in chronology ]

  • identicon
    Chris, 21 Nov 2005 @ 6:23pm

    No Subject Given

    Very scary to think Boeing keeps payroll info stored in a laptop. Our company uses a Payroll service. None of your direct deposit info is stored on the computer. Our payroll girl has to log in from a specific computer using proprietary software.

    reply to this | link to this | view in chronology ]

  • identicon
    Fred, 23 Nov 2005 @ 8:50am

    Its worse than it looks

    I missed the email telling us our personal banking data had been stolen because I was in my 2nd corporate ethics training session of the month, and my 3rd class on computing security. So what happened?

    reply to this | link to this | view in chronology ]

  • identicon
    Pravda, 2 Dec 2009 @ 6:49am

    I do not think the information was necessarily being stored on this laptop, it may have been being audited, examined for errors, checked for efficiency, etc. The real question that has merit which you raised, is why was the information unencrypted. Even the most basic encryption software would have had a chance to keep those files protected. I wonder how many people at Boeing stopped collecting paychecks because of this...

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.