Craig Harris reports:
Nearly 44,000 state retirees may have had their personal data compromised in a security breach, and the Arizona State Retirement System is spending about $291,000 to provide identity-protection services for them.
The pension system this month began notifying affected retirees, all of whom were enrolled in the ASRS dental plans.
[…]
Cannella said the problem began last month when the system sent two unencrypted computer discs containing the first and last names and Social Security numbers of members enrolled in ASRS dental plans to a benefits company, Assurant, in Kansas City, Mo.
Assurant, at the end of last month, informed the ASRS that it had not received the discs, and the trust began searching for them. When the ASRS could not find the discs, the fund began notifying those affected and apologized in writing.
Read more on The Republic. And yes, they acknowledge that the discs were supposed to have been encrypted, but weren’t.