Excerpted from an CNBC blog by Ruth Umoh

I was a senior HR manager at a foreign banking company. An employee came to my office and informed me that someone had stolen his identity and applied for credit cards in his name. I took down a report but didn’t think anything of it because I oversaw payroll and other sensitive information.

It wasn’t out of the ordinary for employees to notify me about changes to their banking information or if their bank account had been compromised. That way, I could make sure there were no issues with their deposits.

But a week later, another employee came to me with the same problem and my red flag went up. By the third employee, I knew something was happening. I realized we had an internal problem because it’s too coincidental for three employees to have identity theft within a three-week span.

My staff and I tried to figure out what was going on but we were getting nowhere.

After a few weeks, we hired an investigative company that specializes in fraud. They came to my office and requested the name, photo and address of everyone who has ever touched our employee files and I gave them a list of 15 to 20 people. One week later, they came back with the postmaster general and postal police officers who were armed with guns. They sat down, placed the list in front of me, pointed to a name and asked, “Who’s this person?”

You can read the full blog here.