Breach Notification: The State Of Maryland Does It Right
FTC To Study ID-Theft Victims' Experiences With National Credit Bureaus

Data Breach At Colt Express Outsourcing Services. Vendor Leaves Data Breach Victims Hanging

According to PC World, a data breach occurred Colt Express Outsourcing Services when thieves broke into the company's Walnut Creek, California offices and stole several computers. Colt Express administers the benefit plans for C/NET and other companies. About 6,500 C/NET employees have been notified.

The computers contained very sensitive personal information including names, birth dates, Social Security numbers and employment information. This story highlights the fact that outsourcing vendors can be identity theft targets, since these vendors are a rich source of sensitive data about employees and contractors.

Four days after the break-in, Colt Express installed a security system with an alarm. It is unclear whether the information was encrypted or not. According to the PC World news story:

"Customers looking for free credit-monitoring services from Colt Express should not get their hopes up, however. Colt's letter included some marketing materials for Kroll, a company that helps companies respond to data breaches, but the information was provided "only out of courtesy and to give you an idea of the types of services available... By this letter and enclosures we are providing you with all the information we believe you need and that we are able to give you. We do not have the resources financial and otherwise to assist you further."

Apparently, Colt Express is going out of business. Regardless, I encourage the affected companies to look for a benefits plan administrator with strong data security processes in place. Or, the affected data breach victims should pressure their employers to select a benefits plan administrator with strong data security. Colt Express is not very responsive to the needs of its data breach victims. I've Been Mugged readers are well aware of the damage identity thieves can do with stolen Social Security numbers.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

stevemartin

The outsourcing firms create a place for your accounting firms to breathe in. Apart from this, you don’t have to waste time in checking every bill to be included in the accounts.

Anon

I got one of these letters today. I am very suspicious of it as the company logo on the letterhead(Intuit)is not correct and the name used is not the one I used with the company. Plus the address is an old incorrect one from a credit card company. I don't believe the letter is legit. The Kroll form asks for all the private info that was stolen. Interesting as the letter states that I "may" be affected not that I am. Looks like a scam to phish info. Letter is going in the trash.

Tim

Intuit was definitely affected by this breach. Now I have to worry about my 2 kids identities! The beneficiary information got breached.

So I am asking Intuit to reiimburse me for credit freezes on my 2 kids. They will not be needing any credit for at least 5 years and it will give us peace of mind...

I bet Intuit will cheap out and not reimburse me though!

REM

The logo on the letter is correct. Intuit's logo has changed -take a look at their website. However, I'll still be calling Intuit to verify the letter before sending an information to Kroll.

Offshore Outsourcing Company

Thanks for sharing this post with us.

Outsourcing Service

REM Can you specify Intuit official website URL ?

Dave Mathews

The extent of damage and security breach out of this incident is beyond the imaginable. The importance of security in all aspects should never be neglected at all times, especially for firms that hold a massive amount of sensitive private information. Investing in building security and data security is definitely a wise decision as it overshadows the risks of an unsecured building.

The comments to this entry are closed.