From Santa Cruz Biotechnology’s notification template:
On Monday, December 18, 2017, we discovered that a burglary had occurred in our Santa Cruz office on or around December 17, 2017. We immediately contacted law enforcement and began an investigation in order to determine what happened and what may have been affected as a result. As a result of our investigation, we have determined that two computers were stolen, both of which were used for HR functions, but neither of which are capable of remotely accessing our systems.
Now watch what happens because their policy and practice wasn’t followed:
While it was our general practice to store documents with sensitive personal information about employees and potential employees on our servers and not on the local computers, our investigation has revealed that records containing some personal information was stored on at least one of the computers. …. It is possible that the following personal information may have been accessed and acquired as a result of this incident: full name, postal address, date of birth, Social Security number, medical and health insurance information, and work-related evaluations.
Read the full notification here:
Santa_Cruz_Biotechnology_Consumer_Notification_Letter_0