Schwab Retirement Plan Services (SRPS) is notifying approximately 9,400 plan participants that a spreadsheet containing their personal information was accidentally emailed to a participant in another retirement plan serviced by SRPS.
How many victims? Approximately 9,400.
What type of personal information? Names, addresses, dates of birth, Social Security numbers, dates of termination (if applicable), employment statuses, division codes, marital statuses, and account balances.
What happened? A spreadsheet containing personal information belonging to participants in a company-sponsored retirement plan serviced by SRPS was accidentally emailed through a secure channel to a participant in another retirement plan serviced by SRPS.
What was the response? The recipient of the spreadsheet informed their plan sponsor, who in turn contacted SRPS. SRPS confirmed that the email and attachment were deleted from the company's email system and server, and were not forwarded. SRPS is evaluating steps it can take to prevent similar incidents in the future. All impacted individuals are being notified, and offered a free year of credit monitoring services.
Details: The email was sent on Aug. 25.
Quote: “While we have no reason to believe that your account information was used inappropriately, we want you to be aware of the incident,” a notification letter said.
Source: A Wednesday correspondence with a SRPS spokesperson; oag.ca.gov, “Participant Incident Notification Template,” Oct. 1, 2015.