Wisconsin Dept. of Health and Family Services mails Social Security numbers
Technorati Tag: Security Breach
Date Reported:
1/8/08
Organization:
State of Wisconsin
Contractor/Consultant/Branch:
Department of Health
EDS Corporation
Victims:
Medicaid, SeniorCare, and BadgerCare members
Number Affected:
Unknown
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
Informational brochures sent by the Wisconsin Department of Health & Family Services to members of Medicaid, SeniorCare, and BadgerCare were inadvertently printed with Social Security numbers on them. 260,000 mailings were sent by EDS Corporation, the department's vendor.
Reference URL:
620 WTMJ News Story
Seattlepi.com News Story
Report Credit:
WKOW-TV
Response:
From the online source cited above:
Social Security numbers were printed on informational brochures sent by the state to recipients of SeniorCare and other state programs
The mailing went to about 260,000 Medicaid, SeniorCare, and BadgerCare members
The state Department of Health and Family Services said Tuesday that a private vendor based in Plano, Texas, made the mistake while sending informational brochures for state Medicaid services in the past few days.
Recipients found their own Social Security numbers on the envelopes.
EDS Corp. caught the mistake late Monday and stopped the mailings, which were supposed to go to 485,000 people
"We are appalled that EDS made this mistake," said Karen Timberlake, deputy secretary of the state department. "We take our responsibility for protecting the confidentiality of our members very seriously - and we expect our contractors to do the same."
[Evan] EDS is a big consulting company with many large clients. The certainly should have known better and their customers should certainly expect better. In regards to Karen Timberlake's statement "we expect our contractors to do the same", expectations do NOT produce results. Organizations must demand that vendors deliver security with their services and abide by strict security standards. Organizations should also periodically audit vendors for compliance.
The mistake occurred when the data file was created during a routine mailing sent in the past three or four days, said Bill Ritz, a spokesman for the company. The error was being corrected, he said, but he did not know how the company was made aware of the problem.
[Evan] Routine? Did anyone think to test the program before putting it into production?
Jane Marvin received the 11-page mailing, titled "Wisconsin Medicaid and BadgerCare recipient update" and dated January 2008.
Marvin told WKOW that she also had received the tax mailing last year with her Social Security number on it.
[Evan] Ugh. The same person is victimized twice by the State of Wisconsin in a little more than a year.
The Department of Revenue paid more than $500,000 to provide credit monitoring for those affected by its 2006 mailing. No cases of identity theft have been reported to the state as a result of that incident.
[Evan] If the State of Wisconsin is interested, I will proofread their mailings before they go out for $350,000/year and we can save the taxpayers some money!
"You yell for it now," he said. "You don't call for anything. You scream for it. Hey, dummies, get it right." - state Sen. Ted Kanavas, R-Brookfield
Victim Reaction:
"It's unbelievable," Marvin said. "You would think they (state officials) would have learned from the Revenue Department situation. I am concerned."
"I've gotten pretty cautious because I had the tax form last year," Marvin said. "Any more when my husband or I get any mail with our names on it I tear it off and I shred it."
"All that to-do last year and the state turns around and does it again," she said. "I got pretty upset. ... Who's not doing their job?"
Commentary:
Like I said earlier, EDS is a large consulting company with large clients. EDS has been "around the block" enough times that they should have known better. Poor business process, poor security and lack of attention to detail.
Past Breaches:
State of Wisconsin:
December 2006 - Wisconsin mails tax forms with Social Security numbers printed on them
Electronic Data Systems:
December, 2007 - TRICARE breach affects 4,700 households
August, 2007 - Former Electronic Data Systems Employee Charged with Identity Theft of 498
Date Reported:1/8/08
Organization:
State of Wisconsin
Contractor/Consultant/Branch:
Department of Health
EDS Corporation
Victims:
Medicaid, SeniorCare, and BadgerCare members
Number Affected:
Unknown
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
Informational brochures sent by the Wisconsin Department of Health & Family Services to members of Medicaid, SeniorCare, and BadgerCare were inadvertently printed with Social Security numbers on them. 260,000 mailings were sent by EDS Corporation, the department's vendor.
Reference URL:
620 WTMJ News Story
Seattlepi.com News Story
Report Credit:
WKOW-TV
Response:
From the online source cited above:
Social Security numbers were printed on informational brochures sent by the state to recipients of SeniorCare and other state programs
The mailing went to about 260,000 Medicaid, SeniorCare, and BadgerCare members
The state Department of Health and Family Services said Tuesday that a private vendor based in Plano, Texas, made the mistake while sending informational brochures for state Medicaid services in the past few days.
Recipients found their own Social Security numbers on the envelopes.
EDS Corp. caught the mistake late Monday and stopped the mailings, which were supposed to go to 485,000 people
"We are appalled that EDS made this mistake," said Karen Timberlake, deputy secretary of the state department. "We take our responsibility for protecting the confidentiality of our members very seriously - and we expect our contractors to do the same."
[Evan] EDS is a big consulting company with many large clients. The certainly should have known better and their customers should certainly expect better. In regards to Karen Timberlake's statement "we expect our contractors to do the same", expectations do NOT produce results. Organizations must demand that vendors deliver security with their services and abide by strict security standards. Organizations should also periodically audit vendors for compliance.
The mistake occurred when the data file was created during a routine mailing sent in the past three or four days, said Bill Ritz, a spokesman for the company. The error was being corrected, he said, but he did not know how the company was made aware of the problem.
[Evan] Routine? Did anyone think to test the program before putting it into production?
Jane Marvin received the 11-page mailing, titled "Wisconsin Medicaid and BadgerCare recipient update" and dated January 2008.
Marvin told WKOW that she also had received the tax mailing last year with her Social Security number on it.
[Evan] Ugh. The same person is victimized twice by the State of Wisconsin in a little more than a year.
The Department of Revenue paid more than $500,000 to provide credit monitoring for those affected by its 2006 mailing. No cases of identity theft have been reported to the state as a result of that incident.
[Evan] If the State of Wisconsin is interested, I will proofread their mailings before they go out for $350,000/year and we can save the taxpayers some money!
"You yell for it now," he said. "You don't call for anything. You scream for it. Hey, dummies, get it right." - state Sen. Ted Kanavas, R-Brookfield
Victim Reaction:
"It's unbelievable," Marvin said. "You would think they (state officials) would have learned from the Revenue Department situation. I am concerned."
"I've gotten pretty cautious because I had the tax form last year," Marvin said. "Any more when my husband or I get any mail with our names on it I tear it off and I shred it."
"All that to-do last year and the state turns around and does it again," she said. "I got pretty upset. ... Who's not doing their job?"
Commentary:
Like I said earlier, EDS is a large consulting company with large clients. EDS has been "around the block" enough times that they should have known better. Poor business process, poor security and lack of attention to detail.
Past Breaches:
State of Wisconsin:
December 2006 - Wisconsin mails tax forms with Social Security numbers printed on them
Electronic Data Systems:
December, 2007 - TRICARE breach affects 4,700 households
August, 2007 - Former Electronic Data Systems Employee Charged with Identity Theft of 498
Posted by Evan Francen at 1/8/2008 4:03 PM 
Categories: Electronic Data Systems, Mailing Error, Employee Mistake, State of Wisconsin
Categories: Electronic Data Systems, Mailing Error, Employee Mistake, State of Wisconsin
Posts Atom 1.0
Comments