The Miami Herald reports that 20,000 members of the Crow and Northern Cheyenne Tribes in Montana were notified that their personal information was on an unencrypted hard drive stolen from a Bureau of Indian Affairs law enforcement vehicle in Big Horn County.
The unencrypted device contained names, addresses, birthdates and tribal enrollment information for members of the Crow and Northern Cheyenne Tribes.
BIA Director Weldon Bruce Loudermilk said in a letter to tribal members that he was confident the hard drive was not accessed and no information was compromised.
The theft occurred December 4, and it’s not totally clear whether they recovered the drive from the report.
Did the employee violate policy and protocol by having unencrypted data in an unattended vehicle? What were the consequences to the employee, if any? There doesn’t seem to be any breach notification on BIA’s web site that I can find, and the report says that AP obtained a copy of the notification letter, suggesting that this wasn’t posted publicly.
Read more on the Miami Herald.