Do Not Use Acronyms When Completing This Template

LOST, STOLEN, OR COMPROMISED
PERSONALLY IDENTIFIABLE INFORMATION (PII)
BREACH REPORT
INSTRUCTIONS

Use the template on the following pages to initially report and provide updates on the occurrence of lost, stolen, or compromised sensitive Personally Identifiable Information (PII).

Do not use acronyms when completing this template.

When events require an update to the original report due to significant changes, provide previous dates the report was submitted, any revisions or additions to, the original report in red text and note it as an updated report in item #3 of the updated report.

Submit this template and any subsequent updates to the Operational Support Manager, WIA Administration Unit, Connecticut Department of Labor (CTDOL).

Instructions for use of the reporting form found on the following pages 2 – 4:

1. thru 7. / Self-explanatory
8. / Describe the breach. Summarize the facts of the breach, clearly, in 150 words or less, as you currently know them, including:
Facts and circumstances surrounding the loss, theft, or compromise
If the breach was internal, external, accidental, or intentional
Type of incident and if the data was in a secure location (e.g. locked room, cabinet, etc.)
If any documents were posted to CTDOL’s Internet or Intranet
If any documents were faxed inside or outside of CTDOL
Whether the breach was investigated, if the breach was isolated or a systematic problem, who conducted the investigation and any preliminary results available
Whether the impacted individuals will be or were notified within 10 business days, or if necessary, action was initiated to notify CTDOL of the inability to meet this notification requirement
Any other pertinent information that you believe is relevant and pertinent
9. / Describe actions relevant to the incident,e.g. actions taken to mitigate any harm that could result form the loss; remedial actions that have been, or will be taken to prevent similar incidents in the future; if the data was recovered; additional training conducted; policy or guidance issued, etc.
10. / Self-explanatory
11. / Indicate the system of records associated with the collection of the information that was lost, stolen, or compromised.
12. / Self-explanatory

BREACH REPORT
LOST, STOLEN, OR COMPROMISED
PERSONALLY IDENTIFIABLE INFORMATION (PII)

Please use BLACK TEXT for the initial report.

Please use RED TEXT for any update to the initial report.

Submit this report and any subsequent updates to:

Operational Support Manager
WIA Administration Unit
Department of Labor
200 Folly Brook Blvd
Wethersfield CT 06109
1. / a. / Date Breach Occurred:
b. / Date Breach Discovered:
2. / Date Breach Reported to CTDOL:
3. / a. / Is this the initial report of the breach? / Yes: / No:
b. / If “no”, list the dates of the previous reports: /
4. / Please identify any state agency involved in the breach:
add additional rows if more than one
Name
Title
Organization
Address
Telephone
E-mail address
5. / Please identify each non-state entity involved in the breach:
add additional rows if more than one
Name
Title
Organization
Address
Telephone
E-mail address
6. / Total number of customers affected by the breach:
Known
Unknown
Category/ies: / WIA Customer
Wagner-Peyser Customer
Other:
7. / This breach involved the following: check all that apply
Paper Records / E-mail
Information-sharing / Record disposal
Equipment (e.g. computers, storage devices, laptops, etc.) / Other:
If equipment, how many total number of pieces are involved?
What was lost, stolen or breached?Check all that apply
Computer Processing Unit (CPU) / External Hard Drive
Laptop/s / Cell Phone
Data Stick / FlashDrive
Network Intrusion (i.e. “hacking”) / Other:
How was the equipment protected? Check all that apply
Personally-owned / Password-protected
Contractor-owned / Encryption software installed
Government-owned / Not protected
Other:
If e-mail was involved in the breach, complete the following: check all that apply
E-mail involved a non-state entity
E-mail involved a state agency
E-mail involved being sent to the public
Other:
Identify the types of PII involved in this incident: check all that apply
Social Security Numbers (SSNs) / Date of Birth (DOB)
Names / PHI (Personal Health Information)
Personal Home Address / Financial Information containing PII
Personal Telephone Numbers / Passwords
Personal E-mail Address / Other:
8. / Describe the breach in 150 words or less.
Bulleted format is acceptable.
9. / Describe the actions taken in response to the breach, in 150 words or less:
Bulleted format is acceptable.
10. / Potential estimated impact of the breach: Choose ONE of the following
LOW / Potential impact is LOW if the confidentiality, integrity and/or availability of the PII that was breached could be expected to have a limited adverse effecton organizational operations, organizational assets, or persons.
MODERATE / Potential impact is MODERATE if the confidentiality, integrity and/or availability of the PII that was breached could be expected to have a serious adverse effecton organizational operations, organizational assets, or persons.
HIGH / Potential impact is HIGH if the confidentiality, integrity and/or availability of the PII that was breached could be expected to have a catastrophic adverse effecton organizational operations, organizational assets, or persons.
11. / Associated System/s breached: List the systems involved in the breach
CTWBS (CTDOL MIS)
E-mail. Indicate all involved:
Other:
12. / Person submitting this report:
Name
Title
Organization
Address
Telephone
E-mail Address
Date submitted:

Page 1 of 4