Stanley Black & Decker breach notice, v2.0

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.databreaches.net/?p=27417

Don’t you just hate it when your breach response goes awry and
compounds the breach or you discover that your original analysis of
what information was involved was incomplete?

Last month, Stanley Black & Decker notified both California and New
Hampshire that a stolen corporate laptop contained employees’
information, including their bank routing and account numbers for
those who received reimbursement for expenses via direct deposit.

On April 15, however, the firm notified New Hampshire that in the
process of preparing notification letters, they experienced a mail
merge error that resulted in some individuals having the wrong
addresses.

While trying to address the mail merge error, and to compound matters
even more, they discovered that the stolen laptop had held the Social
Security numbers of some of the former and current employees.

As a result, the firm is sending out new notification letters to
everyone affected by the stolen laptop breach.

You can read their explanation to New Hampshire here.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.