VA Medical Center Exposes 700 Employees on Envelopes
Technorati Tag: Security Breach
Date Reported:
9/10/07
Organization:
U.S. Department of Veterans Affairs
Contractor/Consultant:
Martinsburg VA Medical Center
Victims:
VA Medical Center Employees
Number Affected:
700
Types of Data:
Name, address, nature of personnel action and Social Security number
Breach Description:
“SF 50s” (government personnel action forms) were sent to up to 700 VA Medical Center employees that inadvertently displayed the recipients senstive information through the envelope window.
Reference URL:
http://www.journal-news.net/news/articles.asp?articleID=11779
Report Credit:
Naomi Smoot, The Journal
Response:
From The Journal's online article:
“You would think that they’d be a little more careful after what happened to all the veterans and their Social Security numbers", Susan Anderson vice president of the National Association of Government Employees and president of the local chapter
[Comfyllama] You would think so. Change in veeeeeeeerrrrrrrrrrrrrryyyyyyy slow in government.
"These documents are normally sent out in plain white envelopes with only the name of the employee on the front, with a disclaimer printed in red letters that says that the envelopes are to be opened only by the addressee"
[Comfyllama] The article is not clear as to why these mailings were sent out in a different manner.
"This batch, however, was folded and inserted into an envelopes in a such a way that the employee’s name, Social Security number and nature of the personnel action were visible through the envelopes’ windows"
"some of the 700 envelopes were “batched” for internal mail delivery. An unknown number, however, “were accidentally mailed via USPS and returned for ‘insufficient address"
"envelopes were stuffed by student interns, not human resources staff"
"“Management doesn’t even know how many envelopes they sent out. They think it’s about 700, but they really don’t know."
Commentary:
So many times when I read about these breaches I seem to have more questions than answers. The first question that comes to mind is what purpose does a Social Security number serve on these mailings? Even if the envelopes were stuffed incorrectly, I can think of no reason why the Social Security number even needs to be printed on the materials. Companies, government organizations, educational institutions, and charities MUST stop using Social Security numbers as identification.
Past Breaches:
None specific to the Martinsburg VA Medical Center
Date Reported:
9/10/07
Organization:
U.S. Department of Veterans Affairs
Contractor/Consultant:
Martinsburg VA Medical Center
Victims:
VA Medical Center Employees
Number Affected:
700
Types of Data:
Name, address, nature of personnel action and Social Security number
Breach Description:
“SF 50s” (government personnel action forms) were sent to up to 700 VA Medical Center employees that inadvertently displayed the recipients senstive information through the envelope window.
Reference URL:
http://www.journal-news.net/news/articles.asp?articleID=11779
Report Credit:
Naomi Smoot, The Journal
Response:
From The Journal's online article:
“You would think that they’d be a little more careful after what happened to all the veterans and their Social Security numbers", Susan Anderson vice president of the National Association of Government Employees and president of the local chapter
[Comfyllama] You would think so. Change in veeeeeeeerrrrrrrrrrrrrryyyyyyy slow in government.
"These documents are normally sent out in plain white envelopes with only the name of the employee on the front, with a disclaimer printed in red letters that says that the envelopes are to be opened only by the addressee"
[Comfyllama] The article is not clear as to why these mailings were sent out in a different manner.
"This batch, however, was folded and inserted into an envelopes in a such a way that the employee’s name, Social Security number and nature of the personnel action were visible through the envelopes’ windows"
"some of the 700 envelopes were “batched” for internal mail delivery. An unknown number, however, “were accidentally mailed via USPS and returned for ‘insufficient address"
"envelopes were stuffed by student interns, not human resources staff"
"“Management doesn’t even know how many envelopes they sent out. They think it’s about 700, but they really don’t know."
Commentary:
So many times when I read about these breaches I seem to have more questions than answers. The first question that comes to mind is what purpose does a Social Security number serve on these mailings? Even if the envelopes were stuffed incorrectly, I can think of no reason why the Social Security number even needs to be printed on the materials. Companies, government organizations, educational institutions, and charities MUST stop using Social Security numbers as identification.
Past Breaches:
None specific to the Martinsburg VA Medical Center
Posts Atom 1.0
Comments