Security Report Describes Multiple Threats Targeting Apple And Android Mobile Devices
Slamming And Your Home Energy Bills

Data Breach By PWC Exposes Personal Data Of Under Armour Employees

PWC logo The Baltimore CBS News affiliate reported during the weekend about a data breach at Under Armour, that exposed the sensitive personal information of employees. The company's auditing firm, PWC, lost on or about April 12 in the postal mail an unencrypted flash drive containing personnel information.

The data elements lost or stolen included employees' names, Social Security numbers, and pay. Under Armour has about 5,400 employees worldwide. Employees have been offered one year of free credit monitoring. PWC is investigating how its security failed.

This PWC data breach highlights the data security risks and impacts from an outsourcing vendor. And no client company wants a breach by their auditing firm. Sadly, this is not the first breach by an auditing or accounting firm. Notable breach history:

Year Company Auditor / Accountant # Records Comments
January, 2012 Regions Financial Corp. Ernst & Young
Unknown Sensitive personal financial information including SSNs of current and former Regions employees. Auditor from Ernst & Young mailed a flash drive and decryption code. Flash drive lost/stolen. Regions employs ~27K people in 16 states.
April 2009 Borrego SPrings Bank Not disclosed Unknown Sensitive personal financial information including bank account names, numbers, and balances. Theft of 7 laptop computers from an auditing firm's office.
January 2008 Mariner Health Care, SavaSeniorCare Administrative Services, LLC Windham Brannon 80, 124 Sensitive personal and financila information including current and former employees' SSNs, 401(k) data, DOBs, and salaries. Cash and several laptops stolen from Windham's Atlanta office.
March, 2007 Springfield City Schools (Ohio)
State Auditor 1,950 Sensitive personal information of current and former employees. Theft of laptop from a state auditor employee's vehicle parked at home.
October 2006 Community National Bank Crowe Chizek 90 Sensitive personal and financial information including SSNs, tax ID numbers, and account numbers. Two laptops belonging to Crowe auditors were stolen from a car in a restaurant parking lot. 
October 2006 DirecTV Deloitte & Touche 55 Names and SSNs of some current and former employees. Laptop stolen during the home of a Deloitte & Touche employee.
Data Source: Privacy Rights Clearinghouse


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.