STATE WORKERS, firefighters and the N.H. Troopers Association are upset they weren’t warned their personal and medical information might have been compromised.
They complain the New Hampshire Municipal Association’s benefits administration operation should have been more forthcoming about a potential breach of personal data early this month.
The NHMA’s Local Government Center handles health insurance, life insurance, disability, dental and other benefits for roughly 100,000 public workers at the state and local levels.
On Aug. 6, some of that personal information was missing briefly, deputy director Sandal Keeffe said. The issue is now a personnel matter, so she cannot comment on where the issue stands.
She did say workers have nothing to worry about, however.
“We have every confidence that the information remained secure, absolute confidence,” she said. “LGC did not notify workers covered by its benefits programs because we did not want to alarm anybody unnecessarily.” Concord Police told one news organization it has an open investigation into the matter. Keeffe said she can’t imagine why they haven’t closed it because there’s nothing left to investigate.
State Employees Association spokesman Jay Ward said word of the breach had spread among workers during the past two weeks.
“Certainly all our members are concerned about their information. If there was a chance it was compromised, they should have been alerted to that,” he said. “If nothing happened, then why did they call the Concord police?” Trooper Jill Rockey, secretary of the troopers association, said LGC should have been more open.
“I don’t think you’re pushing the panic button when you let people know there’s a potential breach that police have been notified about,” she said.
Maura Carroll, NHMA legal counsel, said there was a brief time when data was missing.
“Some records were mislaid. If we have mislaid something like this, we have a process where we go on alert to find them, and to make sure that nothing is released that should not be, and that’s what happened here,” she said. “It wasn’t released, so no harm done.” State law that took effect in 2007 requires businesses that suspect a security breach promptly determine the likelihood that the information has been or will be misused. If it has been misused, or misuse is likely to occur, or it can’t determine the risk, it must notify individuals involved as soon as possible.