[ISN] Honeywell blames ex-employee in data leak

[InfoSec News]

http://www.computerworld.com/securitytopics/security/story/0,10801,108434,00.html

By Robert McMillan
FEBRUARY 06, 2006
IDG NEWS SERVICE

Honeywell International Inc.  says a former employee has disclosed
sensitive information relating to 19,000 of the company's U.S.
employees.

Honeywell discovered the information being published on the Web on
Jan. 20 and immediately had the Web site in question pulled down, said
company spokesman Robert Ferris.

In court filings dated Jan. 30, the company accused former employee
Howard Nugent of Arizona of accessing the information on a Honeywell
computer and then causing "the transmission of that information."

Nugent has since been ordered not to disclose any information about
Honeywell, including "information about Honeywell's employees (payroll
data, Social Security numbers, personal information, etc.)," according
to a Jan. 31 order signed by Judge Neil Wake of the U.S. District
Court for the District of Arizona.

The precise method Nugent is alleged to have used to gain access to
the information, and why he may have disclosed it, is not clear.

In the court filings, Honeywell claimed that Nugent "intentionally
exceeded authorized access to a Honeywell computer," but the integrity
of Honeywell's computer systems was not compromised, Ferris said.

"Nobody hacked into systems," he said, without disclosing further
details on the data breach.

Honeywell employees were notified of the breach via e-mail on Jan. 23,
just days after it was discovered, and the company has since mailed
notices about the compromise to all affected employees, Ferris said.

The company is working with federal and local authorities on the case,
but Ferris declined to comment on whether criminal charges were
expected to be filed.

Nugent could not be reached to comment for this story.