The packages, which H&R Block mailed in December, contained free copies of the company's tax preparation software, TaxCut. By mistake, some of the packages also displayed recipients' Social Security numbers, which were embedded in 47-digit tracking codes above mailing labels.
The company, based in Kansas City, Mo., informed affected customers of the error via letters sent on Dec. 22 and on its . The Web site advises those affected to monitor their financial accounts and credit reports and place a fraud alert on their credit reports if they suspect identity theft.
Yet H&R Block said the risk of identity theft based on the incident is low because the Social Security numbers are hidden in a long string of characters and aren't formatted like Social Security numbers with dashes between numbers.
The number of people affected by the problem is unclear. H&R Block spokeswoman Denise Sposato said it's less than 3 percent of the people who received the packages. She declined to specify how many people overall were included in the mailing.
"It was a regrettable incident and is contrary to any of our established procedures at H&R Block," Sposato said. "Confidentiality of customer information is our No. 1 priority."
Sposato said the incident was a result of human error and that the company is reviewing its procedures to ensure it doesn't happen again. No data has been lost or stolen as a result, she added.
Reports of careless handling of consumer data are becoming all too frequent. The hotel chain Marriot reported on Tuesday that it hascontaining data on more than 200,000 customers, including credit card and Social Security numbers and bank details.