It's always interesting to see one of the world's best-known security software firms be involved in its own identity fraud problems. This time it's tied to big four accounting firm Deloitte and Touche.

It seems the accounting firm was doing some of their regular work for McAfee and a CD came up missing back on December 15th according to a McAfee spokesperson. The story goes that an auditor left the disc in an airline seat pocket. It was reported to McAfee on January 11th. Then the details of what was actually on the disc were revealed on January 30th. 

The information on the disc is almost amusing… almost. The disc was loaded with personal information on thousands of employees, past and present, in both the U.S. and Canada. The information was NOT encrypted and included names and Social Security numbers as well as some stock holdings information in McAfee. This isn't good for either team. 

CNET quoted the spokesperson, "We notified our current and former employees last week and the week before. We have no reason to believe that any of the information has been accessed, and we are proactively protecting McAfee current and former employees with credit monitoring services." 

McAfee did try and take care of their current and former employees by paying for two years of free monitoring services from credit bureau Equifax. This should help those whose identities that may be compromised to be more proactive in protecting their credit ratings. 

This situation is laughable and ridiculous. Two very large companies making very careless mistakes says a lot about the sloppiness of these companies. The main mistake was on the accounting firm for not being more careful with the lost information and not making sure it was encrypted. McAfee is also at fault for not making sure the firm's information storage wasn't encrypted as part of their business arrangement. Encryption isn't a complicated process. Despite a recent judicial ruling, it should be standard procedure for any company, particularly financial or accounting and security software companies with half-a-brain. 

While this type of breach may not amount to anything and the disc could turn up or be in a dumpster somewhere, it emphasizes these companies lack of effort or even lack of concern in protecting data. Financial services breaches make up a very small percentage of identity fraud but one must wonder when they handle things in a seemingly careless manner. How can they teach the average consumer to improve their habits when they can't seem to do it for themselves. 

(Originating URL = http://www.securitypronews.com/insiderreports/insider/spn-49-20060224McAfeeMauledByDeloitteAndTouche.html )