Salvation Army Data Breach Compromises Employee Background Check Information

By Michael Klazema on 8/20/2015
A recent breach of a background check company contracted by the Salvation Army, among other organizations and companies, may have compromised the sensitive personal information of 100,000 people nationwide, according to a recent report from a Georgia CBS affiliate. Sources say that the background check company had information about their clients' employees and applicants on a laptop that was stolen out of a car, all the way back in May. Information contained on the computer ranged from personal details like names, addresses, and dates of birth, to more even more sensitive information, like Social Security Numbers. In the wrong hands, the information could lead to identity theft and other fraudulent crimes.

Salvation Army, the well-known Christian charitable organization with locations and presences all over the world, was just one of the many clients of the breached background check company. In fact, according to the CBS report, only 86 Salvation Army applicants were even compromised, just a fraction of a percent of the 100,000 people who may have been compromised in total.

The background check company that lost the computer isn't entirely sure how much client information someone might be able to access using the laptop. The 100,000-person figure, then, is merely an approximate or estimate that the firm revealed in a press release about the situation. The press release also noted that the laptop was password protected, and that there are so far no known cases of any data from the computer being exploited in any way.

The big question with this situation is why the sensitive personal information of so many different clients and applicants was contained on a laptop at any one time. It's a reminder that companies, when looking to hire background check firms, need to ask serious questions about the policies those firms have in place to delete and/or dispose of client information once background check reports have been delivered. As a Salvation Army representative interviewed in the CBS article cited above said, this breach was just of an employee laptop, not a company server containing all of the background check firms files. Why was so much information saved on a single employee laptop, considering the fact that a single employee could not possibly be working on 100,000 different background check reports at any one time, or even, probably, in any one year.

The other question is why an employee with a laptop containing the sensitive information of a hundred thousand different people knowingly left that laptop unattended at any time, let alone in a car, out of which laptops, phones, and other electronics are often stolen. Doing so was irresponsible to say the least, and puts countless people in harm's way, simply because they applied for jobs with companies that used this particular firm to run background checks.

Mistakes do happen and are understandable. Still, this situation should remind companies that they owe it to the people they hire, and the people they don't, to always observe safe and secure policies for storing or destroying documents containing personal employee/applicant information. And since secure information almost always needs to be passed on to background check companies to make applicant and employee screenings possible, employers need to know that those background check firms are observing the best policies to secure or dispose of that information as well.


Tag Cloud
Recent Posts

Latest News

  • March 15 As more states legalize the recreational use of cannabis, they contend with the emergence of new industries surrounding marijuana cultivation and production. 
  • March 14 In most cases, it is easy to determine where an issue might show up on a pre-employment background check. Citations for traffic violations or reckless driving charges will appear on a motor vehicle record check. Verdicts in a civil court case will show on a civil court background check. And criminal convictions—from petty theft to violent felonies—show up on criminal background checks.
  • March 13 How many years back do employment background checks go? This question can have multiple different answers depending on the situation.
  • March 13 A new bill in Florida would require landlords of apartment complexes to present tenants with verifications of employee background checks to give them peace of mind the people working in and around their homes are trustworthy.
  • March 08 Police officers working with the University of Texas at Arlington recently arrested a man who had avoided police capture on a warrant out of Oregon for nearly two decades. The man, whose real name is Daniel Charles Ray Hanson, spent those 17 years using a variety of fake names and identification documents to move around the country, often engaging with educational institutions under false pretenses. Police say Hanson regularly went by at least three different aliases. He sports a rap sheet that stretches back to an arson conviction in 1995. 
  • March 07

    The Future of EEOC Guidance in Texas Is Up in the Air

    The EEOC issued guidance in 2012 warning employers about the dangers of enforcing categorical policies to bar candidates with criminal histories. That guidance is not enforceable in Texas thanks to a recent court ruling.

  • March 05 Vermont is the latest state to restrict employers’ access to and use of social media accounts of employees and applicants. 
  • March 01 In an age of "industry disruptors" turning established business models on their heads, companies such as Uber and Lyft rely on a unique workforce of individuals outside the traditional employer-employee context. Uber calls them "partners" while other businesses refer to them as "independent contractors," the official classification these individuals use for tax purposes. Recently, the National Labor Relations Board (NLRB) revealed they had warned a business, Postmates, for misclassifying their staff as independent contractors. In the NLRB's determination, these individuals were employees.
  • February 27 Governor Asa Hutchinson signed House Bill 2216 which amends the employer’s directives regarding a current or prospective employee’s social media account.
  • February 23 A Texas summer camp is in the spotlight after an unflattering investigation from a local news channel. The case has some parents asking what they can do to vet summer camp programs before enrolling their kids.