A laptop belonging to Fidelity Investments that held the names, addresses, birth dates, Social Security numbers and other information of 196,000 retirement account customers was stolen last week, the company says.
The nation's largest mutual fund manager said Wednesday that the computer held information on participants in Hewlett-Packard Co.'s pension and 401(k) plans and that it is has alerted those affected, offering them free credit monitoring for 12 months. Fidelity said there is no evidence that the data has been misused.
Fidelity, the sole provider of Hewlett-Packard's defined benefit and defined contribution plans, said it would reimburse account holders for any losses linked to unauthorized transactions connected to the stolen laptop.
The company also has notified the top three credit reporting agencies and implemented additional authentication procedures to gain account access. Fidelity did not say where the laptop was stolen, only that it was taken on March 15.
It is unusual to have so much information on one laptop, Fidelity spokeswoman Anne Crowley said, but the computer in question was brought to a business meeting by a team of employees.
William G. Duserick, vice president and chief privacy officer for Fidelity, recommended in a letter to Hewlett-Packard participants that those affected remain vigilant for the next 12 to 24 months, regularly review account activity and obtain a credit report from one or more of the national credit reporting companies, according to the Worcester Telegram & Gazette, which obtained a copy of the letter.
"We value your business and the trust you have placed in Fidelity, and we deeply regret any inconvenience or concerns this may cause you," Duserick wrote in the letter dated March 21.
Fidelity said the license to the software that contained the data has expired and, as a result, the scrambled data is difficult to interpret. The data is also in a form that is generally "unusable," Fidelity said.
Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said the level of detail on the Fidelity computer is out of the ordinary. "This type of data should not have been on someone's laptop," she said.
But such uses are becoming increasingly common as laptops grow more powerful and cheaper.
"You would be shocked how much internal data is left on employee computers," Richard M. Smith of the security consulting firm Boston Software Forensics told The Boston Globe. "It's much more common than companies know."
While the person who stole the laptop might not have wanted the data, they may realize its value and sell it on the black market, Givens said.
A Hewlett-Packard spokesman said the company is working with Fidelity to minimize the impact of the loss.
Hewlett-Packard is based in Palo Alto, Calif., but HP retirement plans include many people in Massachusetts who used to work for Digital Equipment Corp. DEC was acquired by Compaq Computer Corp. in 1998, which was in turn bought by HP.
Debra Waller of Newton, who used to work for Digital, said she was troubled that her information was on a laptop, but said so far she has not noticed any evidence that it has been misused.