Network News

X My Profile
View More Activity

Breach Exposes Info on Pre-'06 Google Hires

A data breach at a California company that administers benefit plans to businesses across the country involved personal information on all Google employees hired prior to Dec. 31, 2005, the search engine giant said.

Google's disclosure came in a letter (PDF) to the New Hampshire Attorney General, which revealed that Google was a victim of a break-in at Colt Express Outsourcing Services Inc.. Last month, Colt warned that the theft of computer equipment from its offices resulted in the loss of the names, birth dates and Social Security numbers of 6,500 CNET Networks employees. Google said that same information from its employees also was included on the missing equipment.

The letter notes that while "the break-in did not occur on Google property, and did not involve any computers, facilities or data associated with Google products," the company has nonetheless engaged Kroll Inc. -- a New York-based risk consulting firm -- to provide its "ID TheftSmart" service at no cost to affected employees for a year.

One again, we learn more about the depth and seriousness of a data breach because of a handful of state laws that require notification not just to affected consumers but to authorities where the affected consumers live.

There are at least two serious proposals circulating on Capitol Hill to enact a federal data breach bill. While consumer groups I spoke with recently say there's very little chance either of these measures will come to a vote anytime this year, it would be nice if -- in addition to requiring businesses to notify consumers of a breach that affects them -- any federal data breach notification law also required companies to report the breach to one central, public database.

Update, 3:37 p.m. ET According to Google's 4th Quarter 2005 financial statement filed with the Securities and Exchange Commission, Google had 5,680 employees at the time.

By Brian Krebs  |  July 2, 2008; 2:33 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Apple Pushes Peck of Patches
Next: Apple iPhone Four Months Behind OS X in Patches


Just out of curiosity, what value does TheftSmart provide other than a year's worth of credit monitoring? (I had a similar incident with IBM backup tapes going missing.)

Posted by: Jim | July 2, 2008 3:58 PM | Report abuse

Don't be in a hurry for the Feds to create a comprehensive data breach law; historically, Federal laws that emulate (and typically replace) State laws are usually watered down (due to the ease of lobbying) to the point of uselessness. Sure, citizens of States without these sorts of protection laws *might* benefit, but collectively we'll all be worse off.

Posted by: Craig | July 2, 2008 5:18 PM | Report abuse

Re: data "breaches." One of the regular posters to this blog (can't remember who) reminds us from tiem to time that data. per se, cannot be breached. Systems can be breached. Once a system is breached, date therein can be stolen or otherwise compromised. At first, I thought the distinction was a little tedious, but it resonates with me now. In the CNET/Google foopah, no system was breached, per se, but the data was potentially compromised since it fell into unknown and unauthorized hands. If Federal legislation is enacted, let's call it something other that a "data breach" notification law.

Posted by: Pete from Arlington | July 3, 2008 11:19 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company