What happened? Data was accidentally posted to a file-sharing website used to exchange information with third parties. It was accessed by two unknown parties.
What type of personal information? Names, Social Security numbers, addresses and birth dates.
Details: The files were removed within six hours, and the company has no reason to believe any of the data has been or will be used for fraudulent purposes. In an interesting twist, Kentucky, where Lexmark is based, was not required under state law to report the breach as the Bluegrass State is one of only a handful of states without a breach notification law on the books. But Lexmark chose to notify victims anyway.
What was the response? The company is offering affected individuals one year of free credit-monitoring and identity theft insurance services. In addition, Lexmark said it has implemented "several measures" to prevent a similar incident from occurring.
Quote: "We will continue to investigate and watch for any activity that suggests unauthorized use of the information. If new facts present themselves, we will reassess the situation." - Barbara Levy, company spokeswoman.
Source: kentucky.com, (Lexington, Ky.) Herald-Leader, "Exposed Lexmark data included Social Security numbers," Feb. 15.