[duxup]

I worked for a company with a few thousand employees.

HR had laptops with employee data on it stolen 3 times in two years. Each time they had left the laptop in their car after work when they went out to eat.

That, among other things is my long sad experience with HR.

It’s always some rando in a department / job where the rules don’t matter it seems.

[yowzadave]

I believe HR is commonly targeted by attackers, precisely because they have access to sensitive personal information on their employees. I used to work at a company where a high-level HR employee received an email purporting to be from the CEO, asking for a list of all employees and SSN's. Rather than asking critical questions about this request, they simply collected the requested information into a spreadsheet and emailed it to the attacker. Presumably all of our information was subsequently sold to identity thieves.

[nwoli]

Seems more likely that it was just a random laptop theft rather than a targeted SSN capture

[dangerboysteve]

Let me guess, also a non-encrypted disk ?