The Baltimore CBS News affiliate reported during the weekend about a data breach at Under Armour that exposed the sensitive personal information of employees. On or about April 12, the company's auditing firm, PWC, lost an unencrypted flash drive containing personnel information in the postal mail.
The data elements lost or stolen included employees' names, Social Security numbers, and pay. Under Armour has about 5,400 employees worldwide. Employees have been offered one year of free credit monitoring. PWC is investigating how its security failed.
This PWC data breach highlights the data security risks and impacts that come with an outsourcing vendor. No client company wants a breach by its auditing firm. Sadly, this is not the first breach by an auditing or accounting firm. Notable breach history:
| Date | Company | Auditor / Accountant | # Records | Comments |
|---|---|---|---|---|
| January 2012 | Regions Financial Corp. | Ernst & Young | Unknown | Sensitive personal financial information including SSNs of current and former Regions employees. Auditor from Ernst & Young mailed a flash drive and decryption code. Flash drive lost/stolen. Regions employs ~27K people in 16 states. |
| April 2009 | Borrego Springs Bank | Not disclosed | Unknown | Sensitive personal financial information including bank account names, numbers, and balances. Theft of 7 laptop computers from an auditing firm's office. |
| January 2008 | Mariner Health Care, SavaSeniorCare Administrative Services, LLC | Windham Brannon | 80,124 | Sensitive personal and financial information including current and former employees' SSNs, 401(k) data, DOBs, and salaries. Cash and several laptops stolen from Windham's Atlanta office. |
| March 2007 | Springfield City Schools (Ohio) | State Auditor | 1,950 | Sensitive personal information of current and former employees. Theft of laptop from a state auditor employee's vehicle parked at home. |
| October 2006 | Community National Bank | Crowe Chizek | 90 | Sensitive personal and financial information including SSNs, tax ID numbers, and account numbers. Two laptops belonging to Crowe auditors were stolen from a car in a restaurant parking lot. |
| October 2006 | DirecTV | Deloitte & Touche | 55 | Names and SSNs of some current and former employees. Laptop stolen from the home of a Deloitte & Touche employee. |

Data Source: Privacy Rights Clearinghouse