Richard Berger, a CPA in Oakland, California, has been notifying clients after a burglar snatched three external hard drives with client data from his home:
His notification letter, which I’ve seen on both the California and Vermont Attorney General’s web sites, begins:
I am very sorry to inform you that three external hard drives were stolen from my home in the weeks prior to June 25, 2015, when I discovered the theft. These drives may have contained your personal information including your name, tax information, Social Security number and in some instances bank and investment account information. If you provided information about dependents, beneficiaries, employees or contractors, their names and Social Security number(s) may have been exposed as well. I have notified the Oakland Police Department, but to date the stolen hard drives have not been recovered.
So if he hadn’t been working with the external hard drives for a few weeks before June 25 (as suggested by the fact that he didn’t realize they’d been stolen until June 25), why weren’t they better secured in his home? If the drives weren’t encrypted, and he doesn’t suggest that they were, then why not throw them in a home safe, at least? The notification letter does not mention what steps Berger is taking to prevent a recurrence in the future.
Those being notified are offered 12 months of services with Kroll.
The total number of individuals impacted by the theft is not disclosed.