File Cabinets in Abandoned Building Expose 2,000 Gary Residents
Date Reported:
9/16/07
Organization:
City of Gary, Indiana
Contractor/Consultant:
Department of Health and Human Services
Victims:
Gary "needy residents"
Number Affected:
2,000
Types of Data:
Name, home address, date of birth, Social Security number, income, marital status, employment status and other information.
Breach Description:
Four file cabinets containing sensitive Department of Health and Human Services data were discovered in an unlocked building that the city stopped using in 2004. It appears as though the building is abandoned.
Reference URL:
The Times Story
Report Credit:
Joe Carlson, The Times, Munster, IN
Response:
From the online resource mentioned above:
"For untold weeks, a potential treasure trove for identity thieves of personal information on thousands of the city's most vulnerable residents sat for the taking behind an open door with no lock and no key."
"Until Thursday afternoon, the records sat in four file cabinets just around the corner from the doorless entryway that faces the alley behind 1710 Broadway."
"Inside the file cabinets, roughly 2,000 records are alphabetized by last name, displaying home addresses, dates of birth, Social Security numbers, incomes, marital and employment status, and other information about people who once came to the city for help."
"Also stored inside in the mothballed building are personnel records of city employees, restaurant inspection reports, code enforcement citations, tow stickers and a document titled "Mayor's Cabinet Level Status Report, June 27, 2002."
"Those records should have either been taken with and maintained or destroyed -- not just left," said former Mayor Scott King, who stepped down in 2006. "Whoever made that choice didn't make a good one. They had two choices, and they didn't make either one."
[Comfyllama] Telling it like it is.
"City assistant press secretary LaShawn Brooks said she was told all of the files were stored in "an area that was secured." Told that a reporter could walk in and look through them Thursday, Brooks said city officials plan to remove the records sometime soon."
[Comfyllama] Sometime soon? How about right now!?
"Whoa," Hawkins said, after hearing the files contained sensitive personal information." - Shirley Hawkins, director of the Health/Human Services Department
[Comfyllama] Whoa is right.
"some of the most sensitive information left behind appeared to be related to the Emergency Referral Service, which people down on their luck turn to get donated clothing, food and information on further assistance.
For example, one resident listed in the files received clothing and assistance from the agency in 2003 after her Polk Street home sustained heavy damage in a fire.
The records, which date back at least to the early 1990s, appear to be case files on clients.
Allowing any resident's personal information to be vulnerable is against federal law.
"Entities that maintain sensitive consumer information have a duty to take reasonable steps to protect it," said Joel Winston, associate director of the Division of Privacy and Identity Protection in the Federal Trade Commission in Washington, D.C.
Jurisdiction over the criminal identity theft prevention laws falls to the U.S. Department of Justice, which declined to comment on the Gary situation."
Commentary:
Joe Carlson from The Times wrote an excellent article covering this breach. There is plenty of detail. To date there appears to be no official response from the city or federal officials. It's almost like the city just left the building one day and everything that was left behind was simply left behind. Obviously, this is NO way to treat sensitive data.
What makes this story sad is that this breach affects people that either are or were really down on their luck.
Past Breaches:
None