“A state employee lost the drive while transporting it between work locations,” the Governor’s Office of Information Technology (OIT) said in a statement. “There is no indication that this information has been misused or stolen.”
The drive contained approximately 18,800 names and Social Security numbers, along with some home addresses.
All those affected are being contacted by mail or phone. Still, while approximately 8,000 are current employees, the remaining 10,800 are former employees whose contact information may be out of date.
OIT spokesperson Tauna Lockhart said that while the state has a strict policy regarding encryption, the drive in question was not encrypted, and the employee repsonsible has been disciplined.
“The Office of Information Security is continuing all necessary efforts to recover the file,” Jonathan Trull, Colorado’s Chief Information Security Officer, said in a statement. “We are also reviewing and revising procedures and practices to minimize the risk of recurrence.”