IBM Contractor Loses Sensitive Employee Data

An unnamed IBM vendor has lost tapes containing sensitive information on IBM employees, the computer maker confirmed Tuesday.The tapes went missing in transit from a contractor’s vehicle on Feb. 23 near the intersection of Interstate 287 and 684—just a few miles south of IBM’s Armonk, N.Y., headquarters, said IBM spokesman Fred McNeese. “We’ve investigated the incident and concluded that the tape loss was inadvertent.”IBM has run an ad in the local newspaper—the Westchester Journal News—seeking help in retrieving the tapes, but has been unable to recover them. “We don’t know what happened to the tapes,” McNeese said.”We’ve had no indication that any information on the tapes has been accessed,” he added.Still, some of the tapes could be misused if they fell in to the wrong hands. The tapes contained sensitive information including dates of birth, Social Security numbers, and addresses of current and former IBM employees. The majority of information was related to ex-IBMers, McNeese said.Some of the tapes were not encrypted, and McNeese could not say whether this was in violation of IBM policy.The company is not releasing details on how much data was lost, but a large number of former IBM employees appear to have been affected. IBM began notifying victims of the breach on April 9, and letters offering one year’s worth of free credit monitoring were still going out on Tuesday, McNeese said. The data breach is an embarrassment for IBM, which has been increasingly pushing data security as part of its portfolio of IT services.IBM is not the only company to have a contractor lose this type of information, however. Long Island Railroad and Time Warner have blamed data protection vendor Iron Mountain for lost tapes. And United Parcel Service of America has been fingered for missing tapes by Bridgeport Connecticut’s People’s Bank and at Citigroup.

–Robert McMillan, IDG News Service (San Francisco Bureau)