Shostack + Friends Blog Archive


January 20, Honeywell International, 19,000 current+former employees, SSNs and bank account info, published on web site

Long Island Newsday reports [link to,0,3889755.story?coll=ny-region-apnewjersey no longer works] on Honeywell paying for credit monitoring for 19,000 current and former employees after their information somehow wound up on a web site:

The company notified employees about the breach within a day of learning of it Jan. 20, according to spokesman Robert C. Ferris.
“The company immediately contacted the relevant service provider, had the page removed from the Internet and is continuously monitoring the Internet to ensure that the Web page and any copies of it remain taken down,” said Ferris.
He said the company was working with federal and state investigators to determine who posted the data. Ferris said he didn’t know whether the posting was the work of a disgruntled employee or resulted from an administrative error or other cause.

The South Bend Tribune provides the important detail that the 19,000 worked for Honeywell in 2003.
Update 2/6/2006: Honeywell believes this to have been the work of a disgruntled insider, as reported here.