The employee was fired and is being prosecuted. The retailer is reviewing access controls and all impacted individuals are being notified and offered a free year of credit monitoring services.
"The employee obtained and distributed to a third party the following account information...account holder name, address, phone number, date of birth, and the brand, primary account number and expiration date of the credit card used."Reportedly the identity thefts took place between May 7-21, 2014 but it is unclear how the thefts were detected. Organizations seeking to proactively detect identity thefts and breaches of data privacy can utilize low-cost on-demand SaaS analytics services.
- Notification letter to the New Hampshire Attorney General
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
(a) Re: Notification of Potential Data Breach Pursuant to NH Rev. Stat. 359-C:20 - www.DOJ.NH.gov, 05/27/2014