BP on Monday mailed out letters to 13,000 US residents affected by last year’s Gulf of Mexico oil spill, advising them it had lost a laptop containing their personal details.
The laptop contained details of people that had made compensation claims directly to BP as a result of last year's massive oil spill.
Personal data on the laptop included names, social security numbers, phone numbers and addresses.
The device was password-protected but information on it was not encrypted, BP spokesperson Curtis Thomas told the Associated Press.
BP sent the letters a month after an employee reported that the laptop had gone missing during “routine business travel”, according to the spokesperson.
Like many other organisations that lost US customer data, the oil giant offered affected claimants free credit monitoring services.
“The sobering part of this regrettable incident is that it happened because a single laptop was lost or stolen,” said Paul Ducklin, head of technology for Sophos’ Asia Pacific region.
“We all need to lift our game, even in countries like Australia, and much of the rest of Asia Pacific, where security breaches can simply be swept under the carpet thanks to the lack of mandatory disclosure laws.”