BP Loses Laptop With Oil-Spill Claimants' Personal Info

Oxford_Comma_Lover writes "CNN Reports that BP lost a laptop with the name, address, DOB, and SSNs of everyone who filed claims related to the big oil spill last year. In other words, everyone asking for money from them based on the spill just got their private info misplaced. There has been no allegation of bad faith."

SSN?

[innocent_white_lamb]

Why do they need your SSN to process a damages claim?

Re:oh,

[PsychoSlashDot]

How about an additional answer: consider well what data you carry on a mobile device.

I have serious difficulty figuring out what scenario was in play that required this particular data to be on a laptop in the first place. Some mobile sales guy needed the data to plug in at a hotel conference room and make a presentation? Some jet-setting bigwig needed to massage the data and do some data-mining while on a trans-oceanic flight?

Even if the laptop's user was tasked with "visit each of these people individually and tell them 'no' in plain English", the data should have been partial and redacted.

Sorry, but corporations - like the human beings they're comprised of - put data on theft-prone devices that shouldn't be there in the first place. Encrypted or not.

Huh?

[cultiv8]

Was it not encrypted? How long after it was "discovered" missing was it remotely disabled? Were they able to wipe it? Why do you keep this type of data on a personal laptop? Seriously BP, you guys make a lot of cash, care to tell us how much of this is going into your IT infrastructure to prevent this from happening?

Re:Huh?

[Yo+Grark]

Oh, IT told them how to securely store the data on the laptop. Him being at the executive level, promptly ignored IT directives because it was "too complicated".

I'm in a large organization, it's INCREDIBLE what hoops IT makes little ol me jump through to do things on my laptop but Executives routinely able to do and get the most insane stuff happening on their laptop. Autologin because they keep forgetting their passwords? No duh, changed every 20 days, must contain an non-alpha-numeric character, must contain upper and lowercase, not dictionary based, and not similar to the last 20 passwords.....you have ANY idea how fricken hard it is to keep track of not only the main login but all the subsystems we use?

Oh, what's that? the exec has autologin with roboform installed? And this is allowed HOW? Oh right, they're the execs.

- Yo Grark

Re:Huh?

[PolygamousRanchKid+]

No duh, changed every 20 days, must contain an non-alpha-numeric character, must contain upper and lowercase, not dictionary based, and not similar to the last 20 passwords.....

I read an editorial a long time ago in the Wall Street Journal, written by a security consultant. The executive had three secretaries working for him, and they had to use the PCs from each other. The executive proudly stated that the passwords needed to be changed every week!

The consultant said that no one could deal with a different password every week. He did a MacGuyver, and used a pocket knife to open the drawers in one of the secretary's desk. There were the passwords, all written down and stored in the top drawer.

The point here is that you go off all crazy on security policies that are impossible to follow, someone will find a work-around that defeats the purpose.

"Bad faith"

[rhizome]

The bad faith isn't in losing the laptop, it's in the BP policy allowing workers to have this information on laptops that can be lost.

Re:oh,

[mwvdlee]

Never attribute to malice that which is adequately explained by stupidity.

With such enormous levels of stupidity, the entire company should just be shut down and the entire management thrown into a mental hospital.