Compromise of Password-Protected Computer Lost in BurglaryAnheuser-Busch notified thousands of employees that their personal data, and the data of their dependents, may theoretically be at risk of identity theft. The data were on a password-protected laptop, and the data were encrypted.
The case comes to light because one of the states involved, New Hampshire, requires notice be sent both to affected individuals and to the state attorney general, who publishes the notices on the web. New Hampshire's law does not require notice if data were encrypted. AB says the data were encrypted. It also says it has no information suggesting the burglars are attempting identity theft. So why did it give notice?
My guess is that the company was motivated more by the politics of the situation than a strict reading of the law.
The facts: A burglary in a Missouri building harvested several laptop computers from the offices of multiple companies. One of those laptops, belonging to AB, contained personal information (names, addresses, social security numbers and so on) about certain AB employees and their dependents.
Continue reading about encrypted laptop data