Correction to This Article
In a June 22 Metro article, Michael Vatis's current affiliation with the Markle Foundation's Task Force on National Security in the Information Age was incorrectly reported. He was the executive director of the task force from 2003 to 2004.

Spike in Laptop Thefts Stirs Jitters Over Data

By Petula Dvorak
Washington Post Staff Writer
Thursday, June 22, 2006

It has become the police-blotter item of our age: A small-time burglar swipes a laptop and fences it for a quick $200 at a pawnshop.

But increasingly, these petty crimes are causing anxiety in executive suites across the country as one corporation after another alerts customers that laptops holding troves of sensitive records have been stolen.

Week after week, Americans who conscientiously shred every piece of mail and all credit card receipts learn that their personal information was stored in the laptop of a low-level employee who casually took it out of the office and that it has ended up in the hands of some penny ante crook.

"We used to be worried about credit card receipts, and tearing those up. Now we have to worry about everybody's spreadsheets," said Scott Larson, a former FBI agent who used to track cyber criminals and is now managing director for Stroz Friedberg LLC, a consulting and technical services firm.

In the past six weeks, laptop thieves have found themselves holding thousands of credit card numbers from, birthdates from District pensioners who put their retirement funds in ING, addresses of nuclear power plant employees, account numbers of Mercantile Potomac Bank customers -- or even the Social Security numbers of people who work for Equifax, the credit reporting giant.

Untold millions of Americans are affected. Last month, the U.S. Department of Veterans Affairs reported that a stolen laptop and computer hard drive taken from an employee's house in Montgomery County contained personal information on 25.5 million veterans and military personnel.

Montgomery police have been distributing fliers with a photograph and a description of the stolen laptop. "It is a priority of the department to find that laptop," said Lt. Eric Burnett, a police spokesman.

Social Security numbers and the birthdates of 13,000 District workers and retirees were among the data contained on a laptop stolen last week from the Southeast Washington house of an employee of ING U.S. Financial Services.

And Wednesday, Equifax reported that an employee's laptop was stolen on a London train, compromising the personal records of about 2,500 of the company's Atlanta-based employees.

"By the time you add up a million here and 900,000 there and 4 million over there, you've covered most of the credit-holding and wage-earning population of the U.S.," said Marcus J. Ranum, a firewall designer, in an e-mail. "I'm sure my math is suspect, but I estimate that there are about 156 Americans whose personal information has not yet been compromised."

The thefts are being reported in large part because many states have passed laws requiring that they disclose potential data breaches.

What is striking to many people is how widespread and haphazard the spread of personal information has become in companies and government.

CONTINUED     1        >

© 2006 The Washington Post Company