A laptop containing the personal information of VeriSign Inc.'s current and former employees was stolen from an employee's car last month, the company confirmed Tuesday.
In an e-mailed statement, VeriSign, a digital infrastructure vendor that manages Internet domain names such as .com and also provides security services, said it was taking the recent laptop theft "very seriously" and that the company initiated an investigation as soon as the theft was discovered.
"We have no reason to believe that the thief or thieves acted with the intent to extract and use this information," according to the company's statement. "The local police have said the theft may be tied to a series of neighborhood burglaries. We disabled any access by the employee's computer to the VeriSign network."
The statement also said the employee involved "has since left VeriSign."
In the statement, VeriSign said it was committed to ensuring that current and former employees whose personal information may have been on the stolen laptop had the support they needed to monitor their credit and knew how to respond if they identified any problems.
"The company has a policy on how to manage laptops that contain sensitive information and company data -- which in this case was not followed," according to the e-mail. "That policy includes not leaving laptops in vehicles in plain view, keeping the amount of confidential and sensitive data stored on laptops to a minimum, and using data encryption tools to protect those sets of data that absolutely must be stored on a laptop. Going forward, we will continue to review our security procedures to prevent future human errors of this type."
The information about the theft was posted on the Wizbang blog.
Wizbang said it received several copies of a letter VeriSign sent to its employees detailing the theft. The letters came from several VeriSign current and former employees, the blog said.
According to the first page of the five-page letter, which WizBang posted on its site, VeriSign said it wanted to alert its employees that a laptop that might have contained their personal information was stolen from the vehicle of a VeriSign employee while it was parked in the employee's garage in northern California. The theft occurred sometime between the evening of July 12 and the morning of July 13, according to the letter.
VeriSign spokeswoman Lisa Malloyjust confirmed that the posted letter was the same one the company sent to employees.
According to the letter, the laptop may have contained employees' personal data, including their names, Social Security numbers, dates of birth, salary information, telephone numbers and home addresses. It did not include credit-card numbers, bank account numbers, or password information, nor did it contain information about VeriSign's customers, the letter said.
However, in the letter to employees, VeriSign said although the information was not encrypted, the computer was fully shut down and a username and password was necessary to log on to it.
"To our knowledge, the thieves do not have the password," the letter said.
VeriSign also offered the affected employees a free one-year subscription to a credit monitoring service. The company also recommended that the employees place a "fraud alert" on their credit files.