SC Magazine reported on August 27th that Imhoff & Associates PC, a multi-jurisdictional criminal defense law firm, has sent out data breach notifications to clients after a firm backup hard disk (apparently unencrypted) was stolen from the locked trunk of an employee's vehicle.
The theft took place on June 27th and the hard drive has yet to be recovered.
The firm is notifying an undisclosed number of individuals that their personal information was stolen including Social Security numbers, names, addresses, phone numbers, birth dates, e-mail addresses and driver's license numbers.
The firm noted in its letter that it is strengthening internal processes regarding encryption, and enhancing policies, procedures and staff education on the safeguarding of company property and information. All impacted individuals are being notified and offered a free year of identity theft protection services.
“Imhoff has no reason to believe that the hard drive was stolen for the information it contained or that your information has been accessed or used in any way,” Vincent Imhoff, managing director of Imhoff and Associates, PC, wrote in the notification letter sent pursuant to California law.
And in case the moral of the story isn't abundantly clear, encrypt, encrypt, encrypt!