Aetna Loses Laptop With 38,000 Users’ Personal Info

Yet another laptop containing thousands upon thousands of consumers’ personal info was stolen this week, this time from Aetna. The personal information of over 38,000 customers of the health insurance company was on the computer, which was stolen after an employee left it sitting in their car. Our tipster writes, “We are reminded at least once a month not to leave our laptops in the car. Also, we have to sign the “Code of Conduct” every year, part of which says ‘I promise not to leave my company laptop in the car.’”

The president of Aetna issued a press release today, available in delicious source document size, after the jump…

Again we say, if a laptop has got personal records on it, it needs to be handcuffed to the user’s wrists.

Lacey W. writes:

There’s been a lot of news lately about financial institutions losing and/or compromising personal information. Now it has spread to the health insurance industry. The president of Aetna, Inc. issued a press release today that a laptop was stolen out of an employee’s car. The release is copied at the bottom of this email.

Basically, what happened is an employee at Aetna left their company laptop in the car and it got stolen. As bad and careless as that sounds, I really can’t blame Aetna on this one. I’ll be honest – I work for Aetna. I also know that we are reminded at least once a month not to leave our laptops in the car. Also, we have to sign the “Code of Conduct” every year, part of which says ‘I promise not to leave my company laptop in the car.’ The laptop was encrypted with a ‘strong’ password – they won’t let you use a password that is less than 6 characters in length, and has at least 1 alpha char, 1 numeric char, and one symbol. According to the press release, Aetna has determined which clients’ information was stored on that computer, and have offered to pay for credit monitoring services for those who might have been compromised.

This is a classic example of one idiot employee giving 20,000 others a bad name. I wanted to send this in so people would know it happened, but could also see that it’s not like someone hacked into Aetna’s mainframe, or that Aetna doesn’t educate its employees, or doesn’t take steps to protect members’ private information. I will be interested to see the editors’ and posters’ comments on this issue.

Sincerely-
Lacey W.

Aetna CEO and President Ronald A. Williams has issued a statement regarding data security.

Posted April 27, 2006

Aetna has notified approximately 38,000 members that an Aetna employee’s laptop computer containing certain personal member information was stolen from an employee’s personal car in a public parking lot. These members are employed by two Aetna customers, and we are auditing our back-up files to ensure that all affected individuals will be notified. There is no indication that data on the laptop, which was secured with strong-password authentication, has been compromised, and we have no reason to believe that there has been any unauthorized use of it.

Nevertheless, we have offered to pay for credit monitoring services for our affected members to help prevent any potential misuse of the information and we are contacting each affected individual directly with information on how to access this service.

Aetna deeply regrets this incident and has apologized to our members. Each of us at Aetna is mindful that our members trust us with their medical and financial information, and we are vigilant about keeping that information secure. We periodically thoroughly review our data security policies and practices, and employ numerous measures to help protect information and minimize the risks of identity or data theft. These include technical and physical safeguards and employee education. In addition, every year all Aetna employees are required to complete data security training and certify that they are in compliance with all business conduct policies, including data security.

In this case, our employee did not follow our corporate policies, and it was coupled with a criminal theft. In light of this, we are augmenting our efforts to ensure employee compliance with all Aetna security requirements.
