As part of a merger, Invois of Alpharetta, Georgia provided GXS with some information on the company. On May 4, a laptop containing Inovis employee data was stolen from a GXS employee. Inovis wasn’t notified of the loss until May 21, however. The firm conducted its own investigation and required GXS to conduct one, too. By letter dated May 26, the company notified an unspecified number of employees that their names, addresses, Social Security Numbers and salary information were on the stolen laptop. There was no indication in the report as to whether there was any encryption. Nor was there any indication as to the circumstances surrounding the theft.
The Office of Inadequate Security
