On July 7, 2009, the U.S. Department of Labor (“DOL”) announced that a former employee of a Kansas City, Mo. casino was sentenced to one year in federal prison and three years of supervised probation after completing her prison term. The former employee was also ordered to make approximately $38,000 in restitution.

According to the indictment, from November 2006 through July 2007, the employee stole the identity of a coworker in furtherance of several economic crimes that resulted in actual damages to the victim of over $38,000. In March 2007, the employee used her co-worker’s social security number and personal identification number to authorize an $18,000 distribution from her co-worker’s 401(k) account. Then, she allegedly used the mail to steal a distribution check and forged the participant’s signature. The employee was indicted on one count each of aggregated identity theft, mail fraud and theft from an employee benefit plan covered by ERISA.

Although the press release does not indicate how the employee obtained her co-worker’s social security number or personal identification numbers to authorize the 401(k) transaction, this criminal case is a reminder of the importance of protecting employee personal information. All employees in payroll, human resources and administration should periodically receive training and reminders about securing employee sensitive information. An employee’s personnel file left on an unattended desk, a medical claim form given to human resources for assistance, or an unsecured computer can all result in a leak of sensitive information.