I hope this message finds you well. I am a licensed attorney with over a dozen years of experience handling this issue for a governmental entity. It is a pleasure to assist you today.
Based on the wording of your synopsis, I assume that you are a private sector organization, perhaps a non-profit, that has this information in an effort to serve your membership and verify identity, etc. If that is not true, let me know.
The short answer is that the organization as a whole may bear some liability here if this results in harm to someone who was included in this information. The reason the organization is potentially at legal risk is that there are Federal laws which mandate how, when and under what conditions SSNs are to be used. Moreover, there are some state laws in Florida that protect SSNs as well. Most of the state law information actually relates to the state government's protection of this information.
Here is some information on the Florida law as it pertains to protecting digital information (which may not be necessarily applicable for your situation).
Here is the Federal Office of Governmental Accountability Report on this issue relative to federal law, and some states.
Here is the main Florida law on protection of SSNs in the private sector:
The long and the short of all of this is that the organization has a duty to protect this information. It needs to have procedural safeguards and policies in place to prevent someone from removing this information from the premises without oversight or cause.
Since that sounds as though it is not the case, there is certainly the possibility of liability for the organization as a whole. The individual that removed and lost the information could also be civilly liable.
In short, it appears that both federal and state laws may have been violated.
Let me know if you have any other questions or comments.
Please rate my answer positively as well.
Best wishes going forward!