KY: retiree data sent without proper security

[kirniki <kirniki () gmail com>]

http://www.courier-journal.com/article/20090318/NEWS01/90318044/1008

FRANKFORT, Ky. — Names, dates of birth and Social Security numbers of
roughly 28,000 state retirees were e-mailed to the Kentucky Retirement
Systems without being properly encrypted for security purposes by its
pharmacy benefit provider.

The likelihood of any harm is “minimal,” but there is a “remote”
possibility that the records were accessible while being transmitted,
the Walgreens Health Initiative said in a letter it sent to retirees’
affected by the incident.

Walgreens is taking sole responsibility for the problem, according to
the letter.

Mike Burnside, executive director of the retirement systems, said
officials have no reason to believe the data fell into the wrong
hands.

Walgreens said in the letter that it sent the file to a “single and
proper” contact at KRS and that it confirmed that person received the
e-mail.

The e-mail contained dates of birth, Social Security numbers and
health insurance claim numbers but not personal health information.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

CREDANT Technologies, a leader in data security, offers advanced data encryption solutions.
Protect sensitive data on desktops, laptops, smartphones and USB sticks transparently 
across your enterprise to ensure regulatory compliance.
http://www.credant.com/stopdataloss