Stolen laptop had bank data of 50,000

Mercantile offers credit monitoring to Potomac customers


It's a story that has become too familiar: Employee takes home work containing sensitive company and client information. And it gets stolen.

This time, it happened to Baltimore's Mercantile Bankshares Corp. Yesterday the company said that a laptop computer containing Social Security and account numbers for nearly 50,000 customers of its Bethesda-based Mercantile Potomac Bank was stolen a week earlier from a worker's car off company property.

It was the most recent in a string of incidents around the country that raised fears of widespread identity theft.

None of the Mercantile Potomac customers has reported suspicious activity, the bank said, but it is offering affected clients one year of a credit-monitoring service, at bank expense, to alert them to any fraudulent activity.

Stephen K. Heine, senior vice president of Mercantile's client service group, said the employee violated bank policy by taking the laptop out of the office and, "as chance would have it, his car was broken into and in the car was a computer."

"The employee violated our security policies, and we consider that very, very serious and take great safeguards to ensure that doesn't happen," Heine said. Mercantile did not identify the employee and would not say what disciplinary action, if any, was taken.

But why is such personal information on a laptop in the first place? Why do employees take it home? And do businesses do enough to prevent such incidents?

Improvements in technology allow businesses to store data on a variety of portable devices - from laptops to iPods to USB memory keys, experts said. Today's laptops are so powerful that a marketing professional who wants to check whether his company should invest in a new product can do the data analysis on a laptop, said Jerry Silva, research director for retail banking and delivery channels at TowerGroup, a financial-services consulting firm in Needham, Mass.

But few companies have rules or policies on what type of work documents and equipment can be taken off-site, said Peter Cappelli, director of the Center for Human Resources at the University of Pennsylvania's Wharton School. And when there are regulations, often they're not made clear to employees, he said.

Complicating the matter is that bringing work home is becoming more widespread, Cappelli said. Portable technology makes it that much easier, he said.

In fact, one in five Americans do some or all of their work at home, according to the U.S. Bureau of Labor Statistics.

In recent years, a number of companies have substituted laptops for desktop computers so that employees can be more mobile and work outside the "confines of the 9-to-5 and Monday-to-Friday" environment, said John A. Challenger, chief executive of Challenger, Gray & Christmas, a global outplacement company in Chicago.

"Like so many things in the new technology era we're in, for many companies this is an accident waiting to happen," he said.

Last May, an employee of Safenet Inc., a Belcamp-based information security company, was determined to get some work done over a weekend. He printed out payroll information on employees - including their names, Social Security numbers and bank account numbers - and put it into a briefcase. He left the briefcase in the car, and it was stolen during a break-in.

At T. Rowe Price, the Baltimore-based investment firm, some associates and executives have laptops because of frequent travel and to have access to information and e-mail, said spokesman Steven Norwitz.

The company discourages its employees from storing client data on laptops and has guidelines to limit information that workers carry with them, he said: "Any information taken outside the office is limited to only what they have to have."

Some companies are reacting to recent incidents of stolen information by taking additional steps to secure their sensitive data, such as wiping it off laptops once they're done using it, Silva said.

But Robert L. Siciliano, author of The Safety Minute: Living on High Alert; How To Take Control of Your Personal Security and Prevent Fraud, said businesses should encrypt the data on their laptops to reduce the chances of compromising the data.

Often a laptop is stolen for the value of the computer, and the thief has no idea what he has, Siciliano said. But if a thief were to discover names and security numbers on a laptop, he or she could easily start filling out credit card applications under a stolen name.

Forty-two percent of all identity theft is committed through credit card fraud, he said. An additional 20 percent is through utility fraud - where a person opens an electric, gas or phone line under someone else's name - and 13 percent is bank fraud, or opening a back account under a stolen identity, bouncing checks and getting loans under that name, Siciliano said.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.