DENVER - The state is warning 18,800 former and current state workers to watch out for identity theft because a USB drive containing their private information is missing.
The thumb drive was lost when a state employee was transporting the USB drive between work locations, the governor's office of information technology said.
On the USB drive was an electronic file that contained names, Social Security numbers and some home addresses of state personnel.
"There is no indication that this information has been misused or stolen," said Tauna Lockhart, with the governor's IT office.
The state said out of an abundance of caution it is contacting every individual with a phone call and/or letter to notify them, apologize, and direct them to resources through the Colorado Attorney General’s Office for additional identity protection information.
"The Office of Information Security is continuing all necessary efforts to recover the file," said Jonathan Trull, Colorado’s Chief Information Security Officer. "We are also reviewing and revising procedures and practices to minimize the risk of recurrence."
Lockhart said the employee who lost the thumb drive did not follow established protocol for securing data and has been disciplined, although the disciplinary action that was taken was not specified.
The letter that was sent to the people affected says:
"We are writing to you because an electronic file containing your personal information cannot be accounted for … There is no indication that your information has been misused or stolen, and we are continuing efforts to account for the file. Still, we wanted to alert you to the potential that someone not authorized to access the records could have seen the information, although that is unlikely. As a precaution we recommend that you visit the Colorado Attorney General's Office's website at http://www.coloradoattorneygeneral.gov/initiatives/identity_theft, which contains information on how to protect yourself from the possibility of identity theft. Once again, we do not have any indication that your information has been misused or stolen and believe such misuse is unlikely. We deeply regret that this incident occurred. We want to assure you that we are reviewing and revising our procedures and practices to minimize the risk or recurrence. Should you need any further information, please contact the Office of Information Security at email@example.com."