Busch alerts N.H. residents: Stolen laptop had personal data

About 2,250 New Hampshire residents have been notified that their personal information was stored on a laptop computer taken by thieves that burgled an Anheuser-Busch Co. office in Missouri in June.

The brewer said the laptop contained encrypted personal data, including names, addresses, case notes from a company employee assistance program, Social Security numbers, birth dates, ethnicities and marital status, of current and former employees and their dependents.

The company confirmed that information on residents of other states was also contained in the laptop, but declined to elaborate. The laptop was password-protected, it said.

The company notified New Hampshire employees and dependants of the data breach via mail after the company alerted the New Hampshire state attorney general about the incident, as required by state law.

In the July 21 letter to New Hampshire Attorney General Kelly Ayotte, Anheuser-Busch vice president and general counsel Lisa Joley disclosed details of the burglary and told of plans to notify affected employees and dependants who live in the state.

Contacted by telephone, Joley declined to comment on the case.

Anheuser-Busch said that five Hewlett-Packard Co. laptop machines, including one containing the personal data, were stolen from a company office in Sunset Hills, Mo., during the weekend of June 6 to 8. The theft is being investigated by the Sunset Hills Police Department.

Tim Farrell, vice president of corporate human resources at Anheuser-Busch, said in a statement that the company is cooperating in the investigation. "At this time, there is no evidence that the theft has resulted in any unauthorized disclosure, fraudulent credit card applications or other identity theft crimes," Farrell said. "We have taken precautions by notifying all affected individuals and offering free credit monitoring from Equifax Personal Solutions for one year."

Thomas McQuillan, a technology consultant and principal of Quill Consulting LLC in Grand Rapids, Mich., said that while government agencies typically must fully disclose details of data breaches, private companies may do internal investigations or work with police, so they may have to be more close-mouthed about such incidents, he said.

"The majority of breaches are probably happening in the private sector, but they're just not being reported," McQuillan said.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.