Google has confirmed that personal data of U.S. employees hired prior to 2006 have been stolen in a recent burglary.
Records kept at Colt Express Outsourcing Services, an external company Google and other companies use to handle human resources functions, were stolen in a burglary on May 26. An undisclosed number of employees' details and those of dependents such as names, addresses, and Social Security numbers were on the stolen computers. It is understood that Colt did not employ encryption to protect the information.
It's still unclear how many more of Colt Express' clients were affected by the breach. CBS' CNET Networks, publisher of News.com, was also affected by the burglary, with about 6,500 employees' details stolen.
Although there is no evidence of misuse of the data to date, the information obtained could be used by identity thieves to create fake accounts and identities.
It's only come to light now that Google was one of the companies affected. Google itself was not burglarized, nor were any of its internal systems compromised.
Danny Thorpe, former chief scientist at Borland and engineer at Google who now works for Microsoft, was informed of the theft on July 1.
A letter from Google said personal data of Google employees hired prior to December 31, 2005, may have been stolen in the May 26 burglary of Colt Express Outsourcing Services. No credit card numbers were in the stolen data; just names, addresses, SSNs--all the information needed for a thief to open a credit card account under another's name.
According to Thorpe, Google has offered to cover the cost of a one-year subscription to a credit report and identity theft-monitoring service. Similar benefits were offered to CNET Networks employees.
ITWorld reported last week that Colt Express Outsourcing Services was in financial difficulty and could not help those affected. The company's CEO, Samuel Colt III, said in a statement "We do not have the resources, financial and otherwise, to assist you further."
"We take the security of our employees very seriously and require outside vendors to meet appropriate security standards. We review and update these standards on an ongoing basis," a Google representative said. "Google is not currently using Colt's services and had made this decision long before this incident."
Brendon Chase of ZDNet Australia reported from Sydney.