It must be headache-inducing enough to investigate one security breach. To discover a second breach while investigating the first, well, pass the Prozac.
On August 8 , lawyers for Ohio-headquartered Thirty-One Gifts, LLC notified the New Hampshire Attorney General’s Office that while investigating how administrative credentials had been misappropriated and used to transfer some consultants’ commissions to an unknown individual’s own bank account, they discovered that a laptop containing consultants’ information was missing. The firm does not believe that the two incidents were related.
In the first matter, the unidentified suspect may have accessed 28 consultants’ names, addresses, Social Security Numbers, and bank account information. The firm reports that fraudulent transfers occurred over two commission cycles late last year and were quickly detected internally. During that investigation, however, the firm discovered that a laptop was missing. At the request of law enforcement, they did not send out notifications about that matter until they were advised that they could – on August 10. The missing laptop contained an unspecified total number of consultants’ names, addresses, and bank account information; 27 residents of New Hampshire were notified about the missing laptop.
Thirty-One Gifts took a number of concrete steps to investigate both matters and to harden their security going forward, as outlined in their notification to the state and affected individuals, who were offered some free services.