Slashdot Mirror
A Corporate-issued Laptop Stolen From a Lenovo Employee in September Contained Unencrypted Payroll Data on APAC Staff (theregister.co.uk)
A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, news outlet The Register reports. From the report: Details of the massive screw-up reached us from Lenovo staffers, who are simply bewildered at the monumental mistake. Lenovo has sent letters of shame to its employees confessing the security snafu. "We are writing to notify you that Lenovo has learned that one of our Singapore employees recently had the work laptop stolen on 10 September 2018," the letter from Lenovo HR and IT Security, dated 21 November, stated.
"Unfortunately, this laptop contained payroll information, including employee name, monthly salary amounts and bank account numbers for Asia Pacific employees and was not encrypted." Lenovo employs more than 54,000 staff worldwide, the bulk of whom are in China.
"Unfortunately, this laptop contained payroll information, including employee name, monthly salary amounts and bank account numbers for Asia Pacific employees and was not encrypted." Lenovo employs more than 54,000 staff worldwide, the bulk of whom are in China.
So in other words, this may be a rare leak that hurts the company, and benefits employees. Generally when employees find out other people's salaries, they aren't mad at the other employees, they're mad at the company and demand raises.
I actually saw something like this a while back. A secretary at our company was photocopying payroll data including pay rates for all the employees on the campus. She accidentally left it on the copier. By the time she realized her mistake and can scurrying back to get it, it had already been copied and distributed and soon enough was posted prominently around the building. So everyone knew what everyone else was making and the company had a lot of explaining to do for certain... discrepancies.
I've always been puzzled why employees are so willing to go along with not sharing their pay data since keeping it a secret generally only benefits the company.
Any employer issued laptop should have the entire hard drive encrypted. The fact that it wasn't is not the fault of the employee who's laptop got stolen. It is the fault of the IT department and, ultimately, senior management.