Let’s never forget the importance of physical security.
Attorneys for United Natural Foods Inc. (UNFI) report that in early October, UNFI was notified by police in Auburn, California that several old/retired laptops had been found in the possession of two homeless individuals on two occasions.
UNFI’s investigation revealed that the laptops had last been located at a UNFI-owned warehouse in Auburn that had been breached sometime between September 3 and October 3. Further investigation revealed that additional laptops and hard drives in storage, as well as paper payroll files, may have been compromised.
The Auburn police returned the stolen laptops to UNFI the week of November 18.
Personal information on the laptops or in the possibly compromised payroll files included first names or initials with last names and Social Security numbers and/or financial account or debit/credit card numbers – enough information to permit access to individuals’ accounts.
UNFI arranged to provide AllCLear ID services to affected individuals and took steps to prevent future incidents, including implementing new physical security measures at the warehouse, and reviewing all paper records to ensure timely destruction of records consistent with the company’s retention policy. They have also removed all retired hard drives and laptops from the warehouse and placed them in a more secure location. Finally, they are also working with the police and cooperating with the district attorney to prosecute those responsible.
The total number of individuals affected by the breach was not reported to the state, and there is no copy of the notification to affected individuals, but you can read the notification to the state on the New Hampshire Attorney General’s website.