Commenters amazed by way auditors lost Regions employee data

Regions Bank-0131.jpgRegions Financial says auditor Ernst Young lost employee 401k data stored on computer flash drive. (The Birmingham News / Joe Songer)

Personal information about Regions Financial Corp. current and former
employees was lost in November when a flash drive with the data came up
missing after being mailed by outside auditor Ernst Young in the
same envelope as the decryption code, Birmingham News writer Russell
Hubbard reported.

Regions informed employees of the missing data
in a letter dated January 23. The company also shared a copy of a letter
sent to its employees by auditor Ernst Young, which mailed the
package with information about 401k retirement plan participants to
another of its offices, with the flash drive and the decryption code
together. When the package arrived, the flash drive was gone, but the
page with the decryption code was still there.

In the online community, the reaction was a mixture of of amazement and disbelief. Read some of what people are saying:

• “Mailing them together? Dumb” — bhamliberal


“I would imagine Ernst and Young has many corporate clients with whom
they exchange confidential data. Surely they have a process in place
that is a little more secure and thought out than this. But, apparently
they do not.

“Maybe state and federal regulators should pay them a
little visit and do a complete top-to-bottom hot-seat audit of their
security practices.

“What other lax processes exist at EY?” — sonofthestranger

• “The bigger crime here is that Regions waited for 2 months to notify employees.

This
is clearly EYs fault, but Regions will suffer as well. You put
college term papers on thumb drives, not employee sensitive information.
” — hoovereagle

• “Something doesn’t add up here…

“1– the package arrived

“2– the flashdrive was not in the package

“3– the codekey was in the package

“Okay..
so, why on earth would a thief steal the flashdrive but not the codekey
needed to make any use of it, and then, even more puzzling, why would
he send it on it’s way to it’s intended destination? Why not just keep
the whole thing and make everyone think it was just lost in the mail
instead of drawing such attention to the matter in this way?

“My
guess is that the thief intended what happened to happen. EY looks
foolish Regions is in a panic. He might even attempt to blackmail
Regions soon, demanding something in exchange for the missing data.” – Kislath

Join the conversation, add a comment.

Article source: http://blog.al.com/businessnews/2012/01/commenters_amazed_by_way_audit.html