Medical treatment solutions developer Valeritas is notifying all staffers that security settings were inadvertently removed from a folder containing their personal information – including Social Security numbers – and it was possible for other employees to access the data.
How many victims? Undisclosed, but a LinkedIn page reveals the company has between 51 and 200 employees.
What type of personal information? Names, addresses, dates of birth and Social Security numbers.
What happened? The security settings on a folder containing the information were inadvertently removed and it was possible for other employees to access the data.
What was the response? The folder was secured and Valeritas began an investigation. Steps being taken to ensure personal information is secure include properly implementing and testing network access logging tools, auditing all network security settings to ensure all sensitive information is available to only authorized users, enhanced monitoring of network activity, security and access, and revising and implementing policies and practices to ensure access and security for files containing personal information is properly maintained. All impacted individuals are being notified, and offered a free year of identity theft protection.
Details: The folder is only meant to be available to human resources personnel, but the security settings were likely inadvertently removed by a network administrator at IT partner Z-Tech Associates on or around July 16 while fixing a connectivity issue with a member of the human resources department. One employee accessed the folder.
Quote: “We interviewed a number of other employees and have not found any additional instances of unauthorized employee access,” Kurt Andrews, VP of human resources at Valeritas, wrote in the notification. “To confirm our findings, we conducted searches of the network, email system and company-issued personal computers and no evidence exists that files with personal information have been copied or emailed.”
Source: doj.nh.gov, “Valeritas,” Sept. 23, 2014.