Matthew Hathaway reports:
A local union pension fund sent mailers that included Social Security numbers of the recipients printed on the outside of the envelopes, according to members of the Carpenters District Council of Greater St. Louis and Vicinity who received the letter.
The mailer states that there are more than 24,000 beneficiaries of the pension fund. Because union officials could not be interviewed for this story, it is unclear how many mailers were sent.
[…]
A St. Louis carpenter said that he received the pension notice on Saturday, and that since then he has complained to the union, the Missouri attorney general’s office, the Social Security Administration and the Federal Trade Commission.
[…]
Laws in Missouri and Illinois require businesses and organizations responsible for data breaches to alert those affected. In Missouri, breaches affecting more than 1,000 people also must be reported to the Missouri Attorney General’s office.
A spokeswoman for Missouri Attorney General Chris Koster said the union has not reported the data breach.
Read more on stltoday.com
Does Missouri law require notification if the breach starts with a computerized database but the exposure involves paper records? Anyone know?