More than 5,200 current and former employees working for the city of Charlotte, N.C. are scrambling to check their bank accounts and credit reports this week after a leading benefits consulting firm acknowledged that two DVDs containing a goldmine of personal information have gone missing.
According to city officials, the DVDs storing information including names, birth dates and social security numbers failed to arrive at Towers Watson & Co.'s (NYSE: TW) Atlanta office sometime in February.
The data breach affects current employees, as well as former workers who received health insurance benefits through Towers Watson & Co. as far back as 2002.
The files, which also included prescription drug information for a handful of employees, were not encrypted.
A spokesperson for Towers Watson said thus far it doesnt appear that anyone's information has been accessed or used for any nefarious purposes. Regardless, the company is offering all affected Charlotte city employees two years of free identity-theft monitoring services. It's also set up a hotline for concerned employees to call for more information on the incident.
North Carolina is one of 46 states that have passed legislation requiring businesses and government agencies to notify people when their personal information has been accessed, lost or otherwise compromised.
The incident is but the latest in a series of high-profile security breaches that occurred when unencrypted patient, employee or customer data was lost or stolen -- a costly nightmare not just for the victims, but for the IT professionals tasked with safeguarding corporate data. A similar situation happened to New Mexico Medicaid recipients earlier this month when a car containing a laptop holding unencrypted patient data was stolen in Chicago. In that case, some 9,500 patients had their names, addresses, phone numbers and social security numbers exposed.