BreachExchange mailing list archives
State of Calif. mistakenly publishes thousands of SSN online
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Tue, 11 Dec 2012 15:56:36 -0500
http://www.kcra.com/news/State-of-Calif-mistakenly-publishes-thousands-of-SSN-online/-/11797728/17723434/-/tad6swz/-/index.html?absolute=true

SACRAMENTO, Calif. (KCRA) — A KCRA 3 investigation reveals the State of California has mistakenly published thousands of Social Security numbers on the Internet.

The list includes Medi-Cal providers in 25 California counties, including Amador, Calaveras, Colusa, Nevada, Placer, Sutter, Tuolumne and Yuba.

In an exclusive interview with KCRA 3, state officials from the Department of Health Care Services admitted to posting nearly 14,000 Social Security numbers belonging to Medi-Cal providers working for In-Home Supportive Services.

"This was inadvertent and we sincerely regret this has happened," said Norman Williams, deputy director for public affairs for the Department of Health Care Services.

The confidential information was available on the state's Medi-Cal website for anyone to see for a period of nine days, before the mistake was discovered and the numbers removed.

KCRA 3 interviewed several providers from In-Home Supportive Services about the security breach.

"It's really going to hurt a lot of people, and the bad guys are going to be out there in seventh heaven," said Julie Hansen, who works 50 hours a week as an in-home care provider.

Hansen makes $10 an hour taking care of her son, Joe Marques, who is legally blind and takes eight separate medications to combat seizures.

Social Security numbers are a key ingredient for identity theft.

"If we do get bad reports or money against our accounts, they should be liable," Hansen told KCRA 3. "But they've got the lawyers, we don't."

This is the second security breach involving IHSS workers in the past five months.

As KCRA 3 reported last July, a database breach by the Department of Social Services put three-quarters of a million providers at risk.
At the time, the state offered to provide free credit monitoring for several months, and pledged the problem would never happen again.

But now it has -- this time under the Department of Health Care Services, which does the billing for IHSS providers, who are employed through the Department of Social Services.

"I said, again? This has already happened once," said Ann, another in-home worker.

Ann declined to provide her last name, saying she was concerned about becoming a victim of identity theft.

"It just gives the overall feeling of uneasiness," Ann told KCRA 3. "You know, like impending doom, like somebody is going to steal money from me and I'm not going to know until after it happens."

KCRA 3 also spoke with William Reed, executive vice president of United Domestic Workers, the union representing in-home care workers.

"The first reaction is -- is anybody at the helm?" Reed said. "You know, do they really know what they are doing? And do they really care about safeguarding that information?"

"We've taken some very strong action to help deal with the problem," said Williams, of the Department of Health Care Services. "We've offered a year of free credit-monitoring service and we've taken some steps to protect the information more carefully."

Williams declined to name the specific steps for security reasons, but added, "There is an ongoing internal investigation and we're working to understand the problem better, to make sure it doesn't happen again."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/