Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

Lenovo tells Asia-Pacific staff: Work lappy with your unencrypted data on it has been nicked

That's thousands of employees' names, monthly salaries, bank details

Paul Kunert Tue 11 Dec 2018  //  12:22 UTC

Exclusive A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, The Register can exclusively reveal.

Details of the massive screw-up reached us from Lenovo staffers, who are simply bewildered at the monumental mistake. Lenovo has sent letters of shame to its employees confessing the security snafu.

"We are writing to notify you that Lenovo has learned that one of our Singapore employees recently had the work laptop stolen on 10 September 2018," the letter from Lenovo HR and IT Security, dated 21 November, stated.

"Unfortunately, this laptop contained payroll information, including employee name, monthly salary amounts and bank account numbers for Asia Pacific employees and was not encrypted."

Lenovo employs more than 54,000 staff worldwide (PDF), the bulk of whom are in China.

The letter stated there is currently "no indication" that the sensitive employee data has been "used or compromised", and Lenovo said it is working with local police to "recover the stolen device".

In a nod to concerns that will have arisen from this lapse in security, Lenovo is "reviewing the work practices and control in this location to ensure similar incidents do not occur".

On hand with more wonderfully practical advice, after the stable doors were left swinging open, Lenovo told staff: "As a precaution, we recommend that all employees monitor bank accounts for any unusual activities. Be especially vigilant for possible phishing attacks and be sure to notify your financial institution right away if you notice any unusual transactions."

The letter concluded on a high note. "Lenovo takes the security of employee information very seriously. And while there is no indication any data has been compromised, please let us know if you have any questions."

The staff likely do. One told us the incident was "extremely concerning" but "somehow not surprising in any way. How on Earth did they let this data exist on a laptop that was not encrypted?"

The Register has asked Lenovo to comment. ®
Send us news
40 Comments

US House approves FISA renewal – warrantless surveillance and all

PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

High-profile individuals including MPs said to be caught up in leak

SharePoint logs are easily circumvented and Microsoft is dragging its heels

Now is the perfect time to review those permissions

Pandabuy confirms crooks nabbed data on 1.3M punters

Nothing says 'sorry' like 10 percent off shipping for a month

Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

IT systems pulled offline for chance to paws and reflect

Ransomware gang <em>did</em> steal residents' confidential data, UK city council admits

INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs

Lenovo scores deal to build supercomputer at UK's Hartree Center

Liquid cooled, 44.7 Petaflops and with unspecified GPUs

OWASP server blunder exposes decade of resumes

Irony alerts: Open Web Application Security Project Foundation suffers lapse

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns

AT&amp;T admits massive 70M+ mid-March customer data dump is real though old

Still claims the personal info wasn't stolen from its systems

Street newspaper appears to have Big Issue with Qilin ransomware gang

The days of cybercriminals having something of a moral compass are over

Microsoft confirms memory leak in March Windows Server security update

ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns