26,000 NC retirees warned of security breach

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://blogs.newsobserver.com/business/26000-nc-retirees-warned-of-security-breach

North Carolina officials have warned about 26,000 retired government
employees that their Social Security numbers may have been exposed to
public view in an apparent security breach made in January.

The N.C. Department of Sate Treasurer this month advised beneficiaries
to remain vigilant for signs of identity theft that could result from
the "data security incident."

"We are notifying you so you can take action along with our vendor's
efforts to minimize or eliminate potential harm," the letter states.
"A victim's personal information is sometimes held for use or shared
among a group of thieves at different times."

The notice, sent by the agency's Retirement Systems Division, advised
beneficiaries that as many as 26,000 envelopes mailed in January
partially or fully exposed the recipients' Social Security numbers,
although the actual number affected is believed to be much smaller.

There is no indication that the exposed personal information has led
to identity theft or other crimes, the notice says.

"Social Security numbers were potentially displayed in the window of
the envelope due to a misalignment of printing," said agency
spokeswoman Heather Strickland. "The issue was brought to the
Department’s attention by a retiree."

The envelopes contained Retirement Systems 1099R forms, which are sent
to beneficiaries and list their 2012 benefits for income tax purposes.
This batch of envelopes was sent by Professional Mail Services between
Jan. 18 and Jan. 23.

The advisory also says that the retirees are entitled to one free
credit report from Equifax, Experian and TransUnion, to help track
unauthorized activity. The notice provides contact information for
each credit reporting agency.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.