Auditors are gatekeepers. Or something. They are trusted to keep client confidentiality on many matters and are entrusted with very sensitive information on a daily basis. They are paid handsomely for this so you can imagine the frustration a client must feel when something like this happens:
Personal information about Regions Financial Corp. current and former employees was lost in November when a flash drive with the data came up missing after being mailed by outside auditor Ernst & Young in the same envelope as the decryption code. Birmingham-based Regions informed employees of the missing data in a letter dated January 23, which the company shared after inquiries by The Birmingham News. The company also shared a copy of a letter sent to its employees by auditor Ernst & Young, which mailed the package with information about 401k retirement plan participants to another of its offices, with the flash drive and the decryption code together. When the package arrived, the flash drive was gone, but the page with the decryption code was still there, the companies said in their letters.
The News reports that the number of Regions employees whose data is on the drive isn't known but the company does have 27,000 total workers across the nation. Ernst & Young, for its part (well, it sorta has to own this), said in its letter that it "takes the security and privacy of personal information very seriously, as does Regions, and we deeply regret that this incident occurred," and not to worry because the E&Y team resonsible will be getting "additional training" on the handling of sensitive information.
Considering the snafu at hand, one might assume that this training may include things like "improving one's résumé" or "interview skills" or "considering another line of work," but there is no indication that is the case.
As for the Regions employees, E&Y is all over that too:
Ernst & Young said in the letter to Regions employees that is has arranged for them to receive one year of free credit monitoring. The auditing firm also said employees can arrange for a fraud alert with credit reporting companies, and encouraged them to "remain vigilant for incidents of fraud or identity theft" by reviewing account statements carefully. Ernst & Young spokesman Charles Perkins said the security and confidentiality of client information is important to the firm and that it regrets any inconvenience or concern the incident may have caused. "We do not believe that the data has been accessed or misused in any way," Perkins said.