School District Suffers Data Breach During Audit

A flash drive containing information about 403(b) or 457(b) plan participants that was given to an IRS agent was lost.

The Katy, Texas, Independent School District (ISD) has reported a data breach affecting more than 11,000 employees.

According to news reports, during an audit of the district by the Internal Revenue Service (IRS), a flash drive containing names, birth dates, mailing addresses and Social Security numbers for 11,658 current and former ISD employees was misplaced by an IRS agent. The news reports did not say what type of audit was being conducted, but did say the potential breach includes employees who received a paycheck or made a contribution to a voluntary 457(b) or 403(b) retirement plan during the 2013 calendar year.

In a letter to affected employees, Katy ISD said it does not believe the flash drive was deliberately stolen or misplaced or that any third party was involved in the incident. It also said it is seeking to recover costs from the IRS for enrolling employees in a credit monitoring service.