Lincoln National Life Insurance Company and Lincoln Life & Annuity Company of New York recently notified 705 individuals of a breach following an e-mail error by a home employee.
According to their letter to the New Hampshire Attorney General’s Office of July 13, on April 29, the employee sent an encrypted email to a third-party payroll provider that inadvertently included an attachment with the names and Social Security Numbers of participants in all groups in the pension plan. The attachment should only have included the data of those in just the one group of the plan that contracts with t hat payroll vendor. The company learned of the error on May 17.
You can read their notification to those affected on the NH AG’s web site.
As far as human error breaches go, this is one of those where I suspect most people would agree there’s very little risk of harm to those affected, right? Well, unless it turns out that there was malware sitting on the recipient’s system that captured it and transmitted it. But overall, the risk seems relatively low. So what did it cost the company to deal with this breach and to offer those affected services, and what did they lose in productivity while they dealt with this? And what would these costs do to a smaller business without as many resources? Can small businesses afford simple human error?
The question is did the encryption extend to the attachment or only the message?