SSA exposed SSNs, names, birth dates for 36, 000 people, IG says

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://fcw.com/articles/2011/04/14/ssa-privacy-breach-death-master-file.aspx

By Alice Lipowicz
FCW.com
April 14, 2011

The Social Security Administration publicly made available the names, 
dates of birth, Social Security numbers and other sensitive personal 
information on more than 36,000 people from May 2007 to April 2010 despite 
being warned about the privacy risks, according to a report from SSA's 
Office of the Inspector General.

The information was erroneously included in SSA?s Death Master File sold 
to the public. The 36,657 people affected were not deceased, and the 
release of the personal information was considered a breach of privacy, 
the report states.

The IG first told SSA officials in June 2008 to take precautions against a 
pattern of publishing the personal information of living people in its 
database of death-related information, the report states, adding that 
there was no indication that organized identity thefts were taking place.

However, SSA did not follow those precautions, and the agency continued to 
expose personal data of people mistakenly included in its Death Master 
File, according to the March 31 report.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/