Rubio's Restaurants Data Breach (2012)

On February 5, 2012, a CD-ROM containing a list of people who owned equity shares in Rubio's Restaurants was taken offsite by a third party vendor, BDO USA, LLP. Rubio's contracted with BDO to perform financial auditing services. A BDO employee removed the CD-ROM from site, where they believe it was stolen from her vehicle. The CD-ROM contained a partial equity roll, which includes names and SSNs. A subsequent letter from Bastien, dated Februry 28, warned that the breach also involved "certain information on workers compensation claimants, which includes claim numbers, date of loss, medical status and names. "The medical status portion is very brief, consisting of a one-line summary of the employees' claim for injuries or illnesses. "Please be assured that sensitive information such as social security numbers, addresses, telephone numbers, doctors' diagnoses and doctors' treatments were not included on the CD-ROM." The letter added that "BDO is offering to provide you with free credit monitoring and fraud insurance for one year."