From their website today:
Maschino Hudelson & Associates (MHA or the Firm), an employee benefits broker, announced today that it is notifying approximately 5,500 people that a laptop containing some personal information was stolen from the trunk of one of their employee’s cars on or about April 2, 2014. The Firm immediately notified the police but the laptop has not been recovered.
The laptop contained personal information such as name, address, date of birth and Social Security number for employees of some of its customers. In addition, the laptop may have also included some claims information. The Firm has performed and continues to perform a forensic analysis of the data that may have been stored on the laptop. The Firm has no indication at this time that any harm has occurred as a result of this incident.
MHA takes privacy and the safety of personal information very seriously. The Firm maintains a variety of protocols, procedures and systems designed to prevent unauthorized access to a client’s personal information. Employees receive regular training about how to protect confidential information. The Firm treats situations like these with the utmost importance not only to meet their legal obligations, but also the interests and concerns of their clients. Despite the Firm’s efforts, sometimes losses happen. MHA is taking actions to tighten electronic media policies, along with other measures, designed to ensure that this does not happen again.
The Firm has notified each affected individual in writing, explained the situation and advised the individual on how to take advantage of the free credit monitoring and put a fraud alert on their files. Approximately 3,800 of the individuals receiving a letter from the Firm concerning the security incident reside in Oklahoma. The Firm is also providing a toll-free number, (877) 283-6562, through which people who receive a letter can ask questions.
The incident was reported to the Maryland Attorney General’s Office (pdf).
If they take privacy and security seriously, and if employees are trained, etc., etc….
– Why are employees taking this data offsite — and leaving it in their cars?
– Why is that data even stored on laptops?
– Why aren’t such laptops heavily encrypted AND protected with LoJack or something comparable, which would help in recovering stolen units?
Another company that doesn’t walk the talk. Glad I’m not one of their clients!
Yeah, I am one of their clients and I agree.