BJs Wholesale Club Flash Drive With Employee Social Security Numbers Missing
Monday, February 11, 2008
BJs Wholesale Club recently sent a letter out to several of their employees. During a in-house project to update a list and get rid of the use of Social Security numbers and instead use employee ids. However the data was backed up onto a USB flash drive, unencrypted and without theft recovery software on it. Sure enough the drive has gone missing and so letters went out to the employees affected.
It is great that BJs notified their employees immediately and that the goal of the project was to remove Social Security information from their database, however the flash drive should have been encrypted when containing sensitive information as well as had software that could help identify the device’s location if it was stolen, as it could reveal a larger problem of internal data theft.
