So TrustHCS hires Human Resource Advantage (“HR Advantage”) to provide employment resources support.
HR Advantage stupidly (yes, I said stupidly) sends unencrypted employee information on a thumb drive via U.S. mail to TrustHCS. The information included names, Social Security numbers, dates of birth, bank account information, postal and email addresses, and any leave of absence requests, including those submitted under the Family Medical Leave Act for several employees and former employees of TrustHCS.
The envelope arrives March 1, sans thumb drive.
But you probably guessed that already, right?
Both firms are reviewing their security policies and improving them. Those affected have been offered credit monitoring with AllClear ID.
You can read HR Advantage’s law firm’s notification to New Hampshire here.
But there really ought to be a law that says that says entities that mail unencrypted information should never be allowed to tell anyone they take security very seriously.