A laptop with disk encryption is a safe laptop.  And that’s what Anheuser‑Busch (stock symbol: BUD) has, encrypted laptops that were stolen.  I’ve already covered the situation once, and updated it as well.

At first, there was only news that computers got stolen, and conflicting reports on whether there was laptop protection in place, as well as how many laptops got stolen (from an office, mind you, not from some car trunk—a sure sign that Anheuser‑Busch is a responsible company, I kid you not).

Then came the reports that 90,000 employees (former and current) across five states were affected, the bulk of them in Florida—with 87,500 employees—and the rest scattered among New Hampshire, Missouri, Texas, and Virginia.

Now, the number has upped to 190,000 affected.  Virginia’s numbers have ballooned from 2,250 affected to 45,000 (!) and California has been added to the bunch.  Mind you, this is not BUD alerting the media.  We’re getting these figures via filings with Attorneys General at each respective state and other indirect methods.

What’s surprising to me is that the Bud Light guys are approaching the disclosure in such a piecemeal fashion (that and the fact that they currently have a little over 30,000 employees, per their latest SEC filing.  How many years’ worth of data did these guys have on those laptops?  This means close to 84 % of those affected are former employees, and the count may rise).  One would imagine they could just notify in one press release how many people were affected, and in which states.  Maybe they have to do it piecemeal‑wise because each state has its own requirements?

On the other hand, some things don’t seem to make sense.  I’m not sure if Anheuser is trying to be a good corporate citizen or what, but in the case of California and Florida, there is no need to disclose data breaches if the data was encrypted, an exception that’s not available for similar cases in New Hampshire and Texas (Virginia and Missouri haven’t passed data breach notification law yet, as far as I know).

So, seeing how CA and FL are included…perhaps there’s more to this than BUD is letting us know?  Or, again, perhaps BUD is just trying to be a responsible citizen and letting everyone know what’s going on?  Time will tell.  Something tells me this is not the last we’ve heard of this situation.  In fact, I’m gonna go out on a limb and say we might hear how NJ, NY, GA, OH, and CO were affected as well.

Why?  Because Anheuser‑Busch operates 12 major breweries in the US, and those states we haven’t heard from to date.  The rest of the breweries are in—take a wild guess—NH, MO, TX, VA, CA, and FL (Cali has two breweries).

Related Sites:

http://www.chicagotribune.com/business/dp-biz_dataloss_0806aug06,0,4148457.story

http://www.anheuser-busch.com/Breweries.html