A laptop containing sensitive personal data from City of Houston employees was reportedly stolen in February. Officials with the city released the news last week about the stolen laptop, which may have contained the names, birthdates, addresses, medical histories and Social Security numbers of city employees and their dependents.
Authorities are searching for the laptop to determine if there was a breach in the password security system.
According to news reports, a city employee removed the laptop from a secure job site with permission from their supervisor Feb. 2. The city did not release any information about the missing laptop or its contents until late Friday, Feb. 23.
A spokesperson for the city’s Human Resources department released a press statement addressing the theft.
“Because one employee failed to follow his training, all employees authorized to work with group health plan data are being retrained to reinforce the prohibition against removing unencrypted data from the protections of City facilities,” the statement read, in part.
The statement also advised city employees to place fraud alerts on their credit reports to alert them to any potential credit card fraud or identity theft the thieves could use against them with the stolen information.
The city is also offering its employees free credit monitoring and identity restoration services for up to one year.
The theft and subsequent revelation is prompting some computer security experts to question the city’s data protection protocols.
While most businesses and government agencies keep sensitive data on a protected web server, the question remains as to why the city would leave such private information on a portable laptop, much less leave that laptop in the hands of an employee with inadequate training.