The personal information of nearly 3,000 workers from large corporations around the state of Florida may be at risk after a sensative flash drive was stolen from a Florida Department of Revenue employee.
How many victims? 2,828.
What type of personal information? Names, addresses and Social Security numbers.
What happened? The flash drive contained a file with personal information for current or past employees of six large corporations that are being audited by the state. The flash drive was connected to a laptop that was stolen from the unlocked car of a Florida Department of Revenue employee’s home in Marietta, Ga., on April 9. The thief also took a cell phone and GPS device.
Details: The names of the companies being audited are confidential, Walter Boyd, the department’s chief confidential information officer told The Gainesville Sun.
The sensitive file was password-protected, but not encrypted – so, with the technical knowledge it would be possible for someone to access it, Boyd said. Currently, the department has guidelines that say flash drives should be encrypted, but it is not required, he said.
Quote: “We can hope for a stereotypical thief, some unsophisticated thief that just wants to sell the equipment and doesn’t know what’s on there,” Boyd said.
What was the response? Letters were sent to affected individuals. In addition, a new department policy is pending approval that would require flash drives and other mobile devices to be encrypted.
Source: Gainesville.com, The Gainesville Sun, “Stolen flash drive held personal data on 2,828 people,” June 24, 2009.