Lost USB Drive Exposes Sensitive Data from Wolf and Company

The Boston-based CPA firm Wolf & Company recently began notifying an undisclosed number of people that their names and Social Security numbers may have been exposed when a USB drive was lost in the mail (h/t DataBreaches.net).

A Wolf & Company employee mailed a USB drive to a client, a bookkeeper, on March 11, 2014, but when the envelope arrived, the drive was missing. While the employee had been unaware that the drive contained sensitive information, it did include a QuickBooks file containing names and Social Security numbers.

“The bookkeeper said that the plastic envelope from the Postal Service was sealed, so we believe the USB drive is still at one of the Postal Service processing facilities,” Wolf & Company information security officer Matthew J. Putvinski wrote in a letter [PDF] to the New Hampshire Attorney General’s Office.

Still, Putvinksi noted, “We are in the process of changing our Information Security Policy to prohibit the mailing of all unencrypted portable media such [as] USB drives and CDs/DVDs regarding of whether or not we believe it contains sensitive personal information or not.”

All those affected are being offered free access to credit monitoring services.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles