Digital Currency Group recently encountered a data privacy issue involving their 401(k) plan. On June 5, 2024, American Trust inadvertently sent a report about the plan to human resources employees at CoinDesk, its new owner, and its 401(k) service provider. This report was sent via encrypted email but mistakenly reached unintended recipients.
The report contained sensitive personal information about certain 401(k) plan members, including names, addresses, and Social Security numbers. Although American Trust used encryption to protect the data, there were concerns about the potential misuse of this information due to the unintended recipients. However, American Trust has indicated that they do not believe there is a significant risk of misuse.
In response to the incident, Digital Currency Group has been working closely with American Trust to understand and address the issue. American Trust has taken corrective actions, including revoking access to the encrypted email and confirming with each unintended recipient that they deleted the email and did not retain copies of the report.
As a precaution, Digital Currency Group is offering affected employees complimentary credit monitoring and identity restoration services for two years. They have provided a Reference Guide with information on how to register for these services and additional details on protecting personal information.
Reference: