Ms. Kelly A. Ayotte
Attorney General
State of New Hampshire 33 Capitol Street
Concord, NI -1 03301
RE: Report of breach of security involving personal information Dear Attorney General Ayotte:
We are writing to inform you, pursuant to requirements of RSA 359-C:20(1)(4 that we will soon be mailing notification to 142 employees of UPS in New Hampshire that sensitive information related to them was accessed by a then-UPS employee who was not authorized to obtain the information.
During a routine information systems audit in February of this year, we discovered that names, Social Security Numbers, employee identification numbers, and job classification and status information had been downloaded to a UPS computer from our network by an employee of UPS. The information appears to have been downloaded along with an unrelated software program that we believe was the focus of the download. We immediately initiated a comprehensive forensic investigation of the incident, and we did not find any evidence that the employee intended to access, misuse or disclose the information. However, because we are not able to determine conclusively that the information was not subject to misuse or additional disclosure, we have notified affected individuals of the incident in an abundance of caution so they may take steps to protect against fraud or misuse of the information.
We expect to send the notifications to the 142 affected individuals in New Hampshire by June 11, 2007. A copy of the letter we will be sending is attached for your files.
We are available to answer any questions you may have about this incident. Please contact me at 404-828-7174 if you have any questions and if we can provide additional information.
Christopher D. Lang UPS Attorney