News

CNET Employees Notified After Data Breach

CNET employees and relatives are being notified after a data breach at the company's health plan administrator

By Robert McMillan, IDG News Service (San Francisco Bureau)

June 24, 2008

More than 6,500 CNET Networks employees and relatives are being notified of a possible data breach after burglars stole computer systems from the offices of the company that administers the Internet publisher's benefit plans.

CNET was one of several clients affected when burglars broke into the Walnut Creek, California, offices of Colt Express Outsourcing Services, stealing equipment "which contains the human resources data of several of their clients including CNET networks," CNET Senior Vice President of Human Resources Jose Martin said in a June letter notifying employees of the incident.

The computers contained names, birth dates, Social Security numbers and employment information of the beneficiaries of CNET's health insurance plans.

It was unclear which other Colt Express clients were affected by the breach. Its other customers have included BroadVision, JDS Uniphase and 24 Hour Fitness.

The company's CEO, Samuel Colt III, did not return a call seeking comment Monday, but in a letter to CNET, published on the Web site of the attorney general for the state of Maryland, he said that local police were investigating the matter.

Data breaches such as Colt's must be reported to the Maryland attorney general when they affect state residents. State laws typically require such notification when an unencrypted computer is lost or stolen. According to Privacy Rights Clearinghouse, more than 230 million records have been exposed in this fashion in the U.S. over the past three-and-a-half years.

Four days after the break-in, Colt Express installed an alarm system, and the company is "looking into what additional steps may be taken to provide enhanced security," Colt wrote in his letter.

Customers looking for free credit-monitoring services from Colt Express should not get their hopes up, however.

Colt's letter included some marketing materials for Kroll, a company that helps companies respond to data breaches, but the information was provided "only out of courtesy and to give you an idea of the types of services available," Colt said.

"By this letter and enclosures we are providing you with all the information we believe you need and that we are able to give you," Colt added. "We do not have the resources financial and otherwise to assist you further."

Hurt by a downturn in business late last year, Colt is now in the process of going out of business, he said.

Affected CNET employees can sign up for one year of free credit-monitoring from Equifax, Martin said.

Other stories by Robert McMillan

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

Maximizing Site Visitor Trust Using Extended Validation SSL

Understanding Data Location is Imperative for Data Loss Prevention

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

Managing SSL Security in Multi-Server Environments

Solving Online Credit Fraud Using Device Reputation

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Get in Compliance With Government Data Regulations

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development