I can’t access the entire article, but found this article by Jim Hammerand today while reading something else he wrote:
The bidder was just interested in the file cabinets.
But for $10, he got something much more valuable: dozens of boxes of corporate records, chock full of sensitive employee data, customer information and internal documents.
The company, Minneapolis-based Ulysses Telemedia Networks Inc., has been long shuttered by legal battles. Nearly 10 years later, the tech firm’s former employees were shocked to hear that their names, Social Security numbers, bank account numbers and medical information went to the highest bidder.
Read more: St. Paul Business Journal (subscription required)
In a subsequent news story about the difference in notification requirements for electronic vs. paper records in Minnesota, Hammerand refers back to this breach and comments:
I wrote about a cache of corporate files that were auctioned off at a Twin Cities storage facility in a story for the Business Journal a couple of weeks ago.
Minnesota law requires companies to notify affected individuals of electronic data breaches. Non-electronic data breaches, however, are not subject to the same rules, and in the case of the breach I wrote about last month, Ulysses Telemedia Networks Inc. wasn’t forced to tell its former employees that it lost files including their Social Security numbers, medical records and financial information. The now-defunct company didn’t notify them before this newspaper’s inquiries, and doesn’t appear to have warned them since the story’s publication.