OptiNose US Inc. has been notifying some of its consultants that their names and Social Security numbers were on a laptop stolen from an employee’s car.
The laptop was stolen on March 26 in a Philadelphia suburb, and OptiNose started sending out notification letters on April 16. The letter did not inform recipients that the laptop was stolen from an unattended vehicle. The letter states that OptiNose “has no information that any personal data has been accessed by an unauthorized party.” They do not state whether there was any software on the laptop that would even provide such information.
OptiNose offered those affected credit monitoring at the firm’s expense, but get this – enrollees have to pay for the service and then submit a request for reimbursement.
The notification letter does not indicate whether the employee was disciplined at all or what steps OptiNose is taking to prevent this from ever happening again.
If you get the sense that I am unimpressed with their handling of this breach, you’re right.
The incident was reported to the New Hampshire Attorney General’s Office on April 16 and the Vermont Attorney General’s Office on April 23.