Outside auditor Ernst & Young mailed a package with information on a flash drive about 401(k) retirement plan participants to one of its’ other offices, with the flash drive and the decryption code together, reports The Birmingham News. When the package arrived, the flash drive was gone, but the page with the decryption code was still there, the companies said in letters to employees.
Regions didn’t say how many 401(k) participants were listed in files on the flash drive, but said it contained names and Social Security numbers and may have included dates of birth.
Ernst & Young spokesman Charles Perkins said the security and confidentiality of client information is important to the firm and that it regrets any inconvenience or concern the incident may have caused. “We do not believe that the data has been accessed or misused in any way,” Perkins said, according to The Birmingham News. “We are working closely with Regions Financial to contact the individuals whose personal information was on the flash drive.”