RALEIGH - A laptop computer containing files on 30,000 taxpayers was stolen from the car of an N.C. Department of Revenue employee last month, and state officials are cautioning everyone on the list to keep an eye on their finances for potential fraud.
The Revenue Department this week dispatched letters to all 30,000 people, apparently the first such episode since the enactment of an N.C. law last fall requiring government agencies to notify consumers when their data are lost or stolen.
Police have not recovered the computer, but the Jan. 10 letter from Secretary of Revenue Norris Tolson said state officials are not aware of anyone gaining access to the data.
"There is no indication that the computer was stolen to obtain information," Tolson wrote.
The incident comes amid a steady rise in identity theft nationally and after several high-profile cases of data theft involving businesses and government agencies at the national and state level.
The state employee was attending a department seminar at a Raleigh hotel in mid-December when a thief broke into her car and snatched the computer, according to Kim Brooks, the department's spokeswoman.
The files did not include tax returns but did hold data such as Social Security numbers or federal employer identification numbers and tax debt owed to the state.
Brooks said that it is unusual for a single computer to hold so many files but that the employee was working on issues that required having the information accessible.
"Some (department employees) do have laptop computers," Brooks said, "because when they go out to talk to taxpayers that's often the fastest way to not only record data but have access to it when they need it."
The employee's car was locked, and she had followed department policies about securing the computer, Brooks told the Observer. The computer contained security features, but Brooks said officials are examining additional software safeguards.
Department officials were able to track down the names of the taxpayers on the computer in order to dispatch the letters this week.
The data on the computer create a risk of identity theft. A crook could potentially secure a credit card in someone else's name or commit other misdeeds.
"We certainly regret this happened," Brooks said.
Raleigh police and the State Bureau of Investigation are pursuing the case. The Department of Revenue did not announce the theft earlier because it was likely the thieves did not know what they had, and it gave the department time to contact taxpayers by letter.
Last year the General Assembly passed a law requiring government agencies to notify consumers when their information is lost or stolen. The bill was proposed after the Observer reported a loophole in current law that required only businesses to disclose the loss of such data.
A majority of the more than 200 data security breaches revealed nationwide since 2005 have come from government agencies, including four of the seven incidents in North Carolina.
Last September, for example, the N.C. Division of Motor Vehicles notified 16,000 people whose information was inside a state-owned computer stolen in Louisburg. In May, a laptop computer with the Social Security numbers of 17.5 million veterans was stolen from the home of a U.S. Department of Veterans Affairs analyst near Washington.
Credit card companies, financial service firms and businesses such as clothing company Polo Ralph Lauren have reported data thefts in the past two years involving millions of customers.
The letters from the state Department of Revenue listed a toll-free number set up to answer questions from the 30,000 North Carolinians about the computer theft and encouraged the taxpayers to monitor their finances for any unusual changes, including checking with the major credit rating agencies.
911 for ID Theft
If you suspect your personal information has been stolen, you can call the major credit rating agencies:
Equifax: 800-525-6285
Experian: 888-397-3742
TransUnion: 800-680-7289
Also:
Social Security Administration: 800-772-1213
Federal Trade Commission: 877-438-4338
On the Web:
www.consumer.gov/idtheft
www.idtheftcenter.org