The Arizona State Retirement System (ASRS) is notifying nearly 44,000 individuals enrolled in ASRS dental plans that two unencrypted discs containing their personal information – including Social Security numbers – were sent to a benefits company in Missouri, but were not received.
How many victims? Nearly 44,000.
What type of personal information? Names and Social Security numbers.
What happened? Two unencrypted discs containing the personal information were sent to Assurant, a benefits company in Missouri, but were never received.
What was the response? ASRS will now only use encrypted discs when sending sensitive information, and will pay for a tracking service to ensure the data arrives at its destination. All impacted individuals are being notified, and offered a free year of identity protection services.
Details: The discs were sent last month and Assurant notified ASRS at the end of last month that it had not received the discs. Affected individuals were enrolled in ASRS dental plans, and almost all live in Arizona.
Quote: “We don't think there was any wrongdoing, and there's no indication they were stolen,” David Cannella, an ASRS spokesperson, said, adding the discs were likely destroyed in the mail.
Source: azcentral.com, The Arizona Republic, “Potential data breach at ASRS; 44,000 retirees affected,” Oct. 27, 2014.