Regions informed employees about the missing data in a Jan. 23 letter, according to a report by the Birmingham News.
According to the letter, an Ernst & Young office mailed a package containing the flash drive, which had information on the employees' 401k retirement plans, to another office. The information, which included names and social security numbers, was encrypted, but the office sent the decryption code in the same envelope, according to the newspaper.
When the package arrived in the second Ernst & Young office, the flash drive was missing, although the decryption code was still in the envelope.
Regions did not say how many 401k participants were listed in files on the flash drive. The company employs about 27,000 people in 16 states, including about 6,000 in Birmingham, making it the city's largest private employer, the newspaper noted.
"Ernst & Young takes the security and privacy of personal information very seriously, as does Regions, and we deeply regret that this incident occurred," according to a letter sent by Ernst & Young to Regions' employees. "Ernst & Young is taking steps to prevent this issue from reoccurring, including providing additional training to the Ernst & Young team that works with Regions regarding the proper handling of confidential information."
That additional training, one would hope, will include instructions not to include the decryption code in the same envelope as encrypted information.
Comments
peehoo says:
06 March 2012
This is impossible when using Envault Products!
http://www.envaultcorp.com/technology/benefits
Fred-Cox-CISA-CISM says:
08 February 2012
The value of ongoing employee information security awareness programs is often overlooked. A single employee makes a single bad choice.
For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe nail.
Fred-Cox-CISA-CISM says:
08 February 2012
The value of ongoing employee information security awareness programs are often overlooked. A single employee makes a single bad choice.
For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe nail.
SBLTD says:
03 February 2012
Simply amazing – another example of a provider of 'Security' who does not eat their own dog food. If we can’t trust companies of this stature to secure data, where do we go from there!!!
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.