Through their attorneys, AdvancePierre Foods recently notified the New Hampshire Attorney General’s Office that a flash drive containing unencrypted personal information of its employees had been lost in the U.S. mail.
The October 6 letter indicated that on September 8, the firm had sent the flash drive to its 401k provider, Milliman. The envelope arrived on September 12, but it had been damaged and the flash drive was missing. The firm was informed of the loss on September 13.
Employee information on the lost drive included employees’ names, Social Security numbers, dates of birth, compensation amounts for 2009 and 2010, and dates of hire.
Letters were sent to affected employees on or about October 5, notifying them of the breach and offering them free credit monitoring services.
According to their web site, AdvancePierre Foods is headquartered in Cincinnati, and employs more than 4,000 people. The firm acquired Barber Foods in June 2011.
It is not clear how many employees had data on the lost drive.
Sending 401k data on an unencrypted flash drive via U.S. mail? Seriously? I shudder to think how many flash drives with unencrypted PII or PHI are sent via mail. Wouldn’t it make more sense to transmit the data electronically and securely? Yes, there’s risk with every method, but the system used by AdvancePierre Foods was obviously risky, as events proved. I mean, it’s not like nothing’s ever been lost or damaged by USPS, right?