From the Santa Cruz Sentinel:
Safeway discloses possible security compromise - By Gwen Mickelson - Sentinel staff writer - November 22, 2005:
About 500 Safeway employees in Santa Cruz County could be affected by a company laptop theft.
In October, Pleasanton-based Safeway Inc. notified employees in California and Hawaii that certain personal information may have been compromised when a company laptop was stolen in August from a division director's home, along with other unrelated items.
In a letter to Safeway employees dated Oct. 17, Human Resources Director Bob Carlson said the computer contained several reports that include names, Social Security numbers, hire dates and work locations for a number of Safeway employees. The computer was protected by a power-on password, the company said, but nonetheless recommended that employees place a fraud alert on their credit files and request copies of their credit reports every three months for the next year.
No information breaches have been reported, spokeswoman Jennifer Webber said.
But union leaders criticized the company, asking why it took so long to notify employees and why the information was stored on a laptop.
Members of the union, which represents about 1,200 employees in Monterey, Santa Cruz and San Benito counties, "don't want to hear 'no one's been compromised yet,'" he said. "They want to hear 'we're sorry, we apologize for the 60-day delay, we assure you you're not going to pay out-of-pocket for one thing, we've put measures in place so that this won't happen again.'"
Briley said the password protection doesn't soothe his members, and said he wants assurance from Safeway that if anyone does fall victim to identity theft down the road, the company would take responsibility and help out.
He criticized the grocer for keeping members information on a laptop, saying he'd "bet a hundred-dollar bill" that Safeway Club Card data the company keeps on consumers is "kept on a safer computer than my members' information."
Webber called Safeway security processes "incredibly tight," and said procedures "have been and will be to keep information as secure as possible."