[ISN] Honeywell Investigates Security Breach

InfoSec News isn at c4i.org
Wed Feb 1 07:24:49 EST 2006


February 1, 2006 

MORRISTOWN, N.J. - Honeywell International is offering credit
monitoring and identity theft insurance to approximately 19,000
current and former employees whose personal information _ including
Social Security numbers and bank account information _ was posted on
an Internet Web site.

The company notified employees about the breach within a day of
learning of it on Jan. 20, according to spokesman Robert C. Ferris.

"The company immediately contacted the relevant service provider, had
the page removed from the Internet and is continuously monitoring the
Internet to ensure that the Web page and any copies of it remain taken
down," said Ferris.

He said the company was working with federal and state investigators
to determine who posted the data. Ferris said he didn't know whether
the posting was the work of a disgruntled employee or resulted from an
administrative error or other cause.

"Honeywell will aggressively pursue those responsible for this
breach," Ferris said.
In a Jan. 24 letter to employees, the company's vice president of
global security, John E. McClurg, said the Identity Theft and Fraud
Division of insurer AIG would help them protect themselves.

"They will provide you with a tool kit of resources and hands-on
support to address any issues you encounter," he said.

The Morristown-based industrial and aerospace conglomerate employs
about 120,000 people worldwide.

Incidents like the Honeywell security breach are on the rise as
thieves and pranksters take aim at corporate America, according to Ron
Teixeira, executive director of the National Cyber Security Alliance,
a Washington, D.C.-based nonprofit dedicated to educating individuals
and corporations about cyber safety.

"There are a number of reasons why this could have happened. When it's
put out on the Web, hackers do that to show they could get access to
the information and show the company their security was lacking. Other
times, hackers are actually thieves or try to sell the information to
thieves to commit ID theft.

"Any time your info is posted on a Web site, you never know who's
using it and what they're using it for," said Teixeira.

© Durant Democrat

More information about the ISN mailing list