According to state Attorney General Dan Sullivan, the missing records related to Alaska state employees who participated in the Public Employees Retirement System and the Teachers Retirement System in 2003–2004.
The data loss emerged as part of a lawsuit between the state and Mercer, a financial firm that provided financial projects for Alaska's retirement systems. Alaska was suing Mercer over services that it had previously provided. Mercer had turned over financial modeling data that it had used to create a picture of the state's future retirement obligations.
PricewaterhouseCoopers was tasked with evaluating the financial models, which contained the personal records, but it discovered that the data had gone missing in December. The state of Alaska moved quickly to address the issue after it was made aware of the situation last week. It is currently notifying potential victims.
PricewaterhouseCoopers accepted responsibility for the data breach, and has agreed to pay for identity theft protection and either credit monitoring or a credit freeze, said Sullivan. It also agreed to reimburse the victims for any losses that they may incur as a result of ID theft. It would also pay for up to $100 000 of the cost of notifying affected individuals, he added.
"Our overriding goal has been to make sure that our citizens who might be at risk are protected," he said. "We have achieved that."