More information is now available on the Snelling Staffing breach that had me confused. There’s still no explanation as to why a former employee had employee information on their home computer where it might have remained undetected if it were not for the databreach, but we now know that 9,757 individuals were potentially affected by the breach. The types of information exposed involved Social Security numbers, driver’s license numbers, dates of birth, home addresses, medical information, alleged criminal activity by the individuals, and/or drug test results.
Read the notification to New Hampshire here (pdf).
How magnanimous of Snelling: They offer some very basic to-do’s but place the entire burden on the victims of Snelling’s lax (if any) safeguards. Not even an offer of “credit protection services,” even if they’re of minimal value. Now each victim must spend hours placing credit freezes, monitoring all their finances and not knowing whether a perpetrator may hang onto the information and wait 18-24 months before using SS, DOB and other data to plunder their victims.
Oh, and why did Snelling take three months to even notify the AG? Let alone, as you rightly point out, the entire question of how a former employee winds up with this data at home…
Something is Smelling at Snelling…
Maybe unlike Target and all the other breached companies that offer the credit monitoring for their victims which is a total joke, Snelling figures unless you have a true service like idRadar or Lifelock, its just a waste of time. It does make them look bad not to offer anything. Now the consumer gets to do all the work to hopefully protect themselves. Good job Snelling!