I applied to a job with a big company I had worked for in the past, through their online career site. In order to submit the application they required my full social security number to be entered in the application. I was conflicted about the security of entering it, but the site stated my application would not be considered without it. I went ahead and submitted on a Thursday evening. I received an email acknowledgement at the email address I provided, which included a full copy of my online application, including my social security number. They apparently did not have code to restrict the ss # from disclosure through unsecured email. This email account was with a well known service provider. By the following Monday, I received and auto reject letter, which was the fastest response I had ever received and I was alarmed in case this was a scam to get my ss#.
I wrote to the CEO of the company and explained the breach of security that occurred. The following week I got an email from a talent manager at the company, asking me to contact her and I replied, but got her out of office notice. She did email back and gave me a phone number to call her as she was offsite all week. When I called I got vm stating she was unavailable, so I left a msg and my call back number, but she never called me back. I emailed again and asked that she at least delete my ss# from all their systems immediately. A couple of days later I received a terse email stating she had deleted my information, so I told her I was still waiting for an explanation as to why the ss# was visible in the email attachment. I never heard back from her, so I emailed the CEO and asked if someone could contact me as soon as possible as they didn't seem to be taking this very seriously.
A couple of days later I received an email from the Director of talent services, apologizing that his manager had not responded to my concerns timely and asked to set up a call time, which we did. When he called me, I shared my concerns with him about the publishing of my social security number across unsecure email systems, the requirement of a full ss# in the online app, (which was new) and the failure to establish a secure system and code to remove the ss# from the emails. Also that nobody had bothered to talk to me about it and I was left worrying about the exposure. He said he agreed with my views about all of these concerns and then went on to give me an explanation. He stated the company had recently merged and there were so many job applicants who were former employees of different companies now all merged, that they were in a real mess.
This is a major corporation and from my previous experience with the company, I new they had outsourced much of recruitment services to a big company. He explained that the servicing company had implemented this new requirement for the ss# in the online job app. so that they could verify who people were. He agreed with my opinion that obtaining the ss# at the beginning of the process was not a security conscious practice and that it was better to wait until a job offer was made. He then told me that I had brought a major security hole in their system and that a lot of people were working on it to try and fix the problem. He said he did not have access to alter the code, but were working on it to prevent the application being emailed back to prospective employees.
I was anxious about it, but because he was frank with me, I didn't want to make a fuss. However, I was later notified by my service provider that my email account was one of a large number that were hacked and that my personal information was compromised. I was instructed to change security questions and my passwords, which I did, but I have no idea what, if any of my email has been accessible to the hackers.
I believe Nevada does have a "Security of Personal Information" Statute, my question is, do I have any recourse against the company? They receive a lot of job applications, so thousands of people could have been impacted by this. It is rather an untenable position to be in, knowing that at any time someone could steal my identity. Thanks in advance to anyone who has time to respond.