Pinnacle Foods Group, LLC has announced a data breach: an employee’s laptop computer — which was not secured with laptop encryption with the likes of AlertBoot endpoint security — was stolen. In all, 1,818 people are affected.
13 US States and Mexico
According to what appears to be a press release, the sites pymnts.com and vendinmarketwatch.com are reporting that Pinnacle Foods has announced the data breach of 1,800 people residing in thirteen states and Mexico.
Pinnacle Foods does not ring a bell? It didn’t in me, either, but take a gander of which brands are in their portfolio: Duncan Hines, Vlasic, Mrs. Butterworth’s, Log Cabin (syrup), Birds Eye, Van de Kamp’s, Celeste pizza, Hungry-Man, and Aunt Jemima. Incidentally, I’ve only listed those brands I’m familiar with — having consumed them at one point or another in my life — but you can find a complete list here (check out the “Our Brands” section towards the bottom).
So, Pinnacle is no fly-by-night company. And yet, we’re stuck in an unbelievable situation:
Pinnacle Foods learned that an employee’s laptop was stolen from her home in Clinton, Wis. on October 11, 2012. Company operations and systems were not involved; the breach affected only information residing on the stolen laptop, which was password protected, —including names, social security numbers, driver’s license numbers, credit card numbers, and/or personal information.
Clinton, Wisconsin: not exactly Gotham City under assault by Ra’s al Ghul, but it’s not absolutely free from crime either. Here are some stats.
Current employees, former employees, and employees who applied for employment at the company’s Darien, Wisconsin location are being contacted.
Password Protection is Not Encryption
Perhaps due to the overall safety of where the data breach took place, we could forgive Pinnacle for not having proper security on their laptop computers. On the other hand, is it really forgivable? Would you imagine walking around with $50,000 in cash in your pants pockets acceptable in American town or city?
But this is, analogically, what happened when Pinnacle allowed (admittedly, I’m making an assumption here that Pinnacle knew something along these lines could occur and didn’t prevent it) their employee to take very sensitive information outside of their security perimeter without using encryption software.
Password-protection? That’s like putting the $50,000 in a brown paper bag and traipsing around town. Again, not exactly what you would call secure practice.