Boeing responds to personal data loss

In November, Boeing informed approximately 161,000 current and former employees their personal information may have been compromised when an employee's laptop computer was stolen. Because of an ongoing investigation, not all of the circumstances of the theft can be revealed. However, Boeing informed affected individuals of the steps they could take to prevent identity theft and to monitor their credit in the future.

Rick Stephens, senior vice president, Human Resources and Administration, is leading the effort to get information out to affected individuals—and to review the policies and processes to ensure such personal information is not jeopardized again. Stephens spoke with Boeing Frontiers about what happened.

Q: Can you tell us how the data loss occurred and what Boeing did when it learned about it?

A: An active investigation of the theft continues, and we have a dedicated team of people working to find the thief and the computer. While the time, date and location of the theft are part of the investigation, and we just can't talk about them at this time, I can say that the computer was stolen while the employee was on company travel.

We have no evidence the information has been used to the detriment of any current or former Boeing employee. But we needed to act on the assumption that the information could be misused. We moved as quickly as possible to reassemble the laptop's files from the backup server and develop a complete list of those affected. In parallel, we put the necessary call center and communications in place. The team worked around the clock to make that happen so we could share the information with affected individuals as quickly as possible.

Q: What is Boeing doing to ensure this does not happen again?

A: First, we are accelerating replacing Social Security numbers in our business systems with employee ID numbers. I will be reviewing the plan regularly to ensure this is completed as soon as possible. In addition, we have already begun reviewing policies and systems. We have ensured that all employees who have access to this kind of data are fully aware of their responsibilities in relation to data protection, and we are taking action to further limit personal data access. We're also having an outside firm do a complete audit of our personal information systems and the associated security measures.

Q: How does Boeing know for sure which individuals were affected?

A: The employee whose laptop was stolen had backed up his files on the company system, and we have been able to recreate and review all of the files. When we went through the data, we integrated all the information to make sure that we had one list. Based on that, we sent either an e-mail or a letter to those whose information was on the stolen files. We also set up a call center for the people who were affected to answer their questions about the actions they need to take—such as putting a fraud alert on their credit.

Q: Was any classified or other U.S. government information on the computer that was stolen?

A: This particular employee supported Human Resources and would not have engineering or customer data. To be certain, we went back and reviewed the files, and we found that to be true.

Q: What actions is Boeing taking to ensure the integrity of employees' credit?

A: First, we notified the affected individuals about what information of theirs was included in the files. Boeing has contracted with one of the three national credit reporting agencies to provide employees who received notification their information was compromised with three years of credit monitoring support. This support will notify affected individuals of any activity on their credit and enable them to identify possible fraudulent use of their information. The challenge will be for people to be vigilant about checking their credit reports.

Q: As the HR leader, how do you feel about the situation?

A: The news of the personal data loss has been frustrating, disappointing and disruptive for all of us. It's truly a regrettable event. Having been the victim of identity theft in the past, I well understand the concerns that affected individuals have expressed and the experiences associated with it. We are all disappointed in what happened and are working hard to recover from the deficiencies in our system to ensure Boeing never again is in such a situation.

None of us wants to believe we are targets or that our data can be stolen. But it does happen. We need to be sure we encrypt and encode sensitive information so that if we are ever targeted or if we lose our computer, we are not vulnerable and are not compromising company information.