New parents exposed in Fresno County lost mail
Technorati Tag: Security Breach
Date Reported:
4/3/08
Organization:
Fresno County
Contractor/Consultant/Branch:
None
Victims:
New parents and babies
Number Affected:
279
Types of Data:
Names and Social Security numbers
Breach Description:
"Fresno County health officials say 279 birth certificate applications that list personal information of Valley babies and their parents are missing after they were mailed to the state. An envelope containing the birth certificate applications arrived at the the state Department of Public Health in Sacramento damaged, but with most of the forms missing."
Reference URL:
The Mercury News
The Fresno Bee
Report Credit:
The Associated Press
Response:
From the online sources cited above:
Fresno County health officials say 279 birth certificate applications that include the Social Security numbers of the babies' parents are missing.
[Evan] Thankfully, these babies do not have Social Security numbers yet, otherwise this adds a whole new dimension.
The state Department of Public Health told the county in February that an envelope containing 378 birth certificate applications from Fresno County had arrived damaged in Sacramento and that most were missing.
The forms contain information about babies born in six San Joaquin Valley hospitals, including their parents' names and Social Security numbers.
[Evan] Again, Social Security numbers used as personal identifiers in a manner that they were never designed for.
State officials called the incident a low risk for identity theft, but parents were notified about the missing forms.
[Evan] I wonder who makes the judgment call that terms this "low risk". Must be somebody that is well versed in risk management, right?
The Postal Service is searching for the items and trying to figure out where the certified letter was damaged.
Fresno Bee Opinion Column:
The latest screw-up by Fresno County is more evidence of how cavalierly county officials treat the public's sensitive personal information. No wonder identity theft is out of control. Our government, at all levels, is a major contributor to the problem.
Sending this information by mail may not have been the dumbest thing county officials have done lately, but it has to be right up there. Why wasn't this packet sent by courier or some other more secure means?
[Evan] Like encrypted on a CD or transferred over a secure network.
In February, county officials warned thousands of CalWORKs clients that they could be victimized after a laptop computer was stolen.
[Evan] We missed this one on The Breach Blog. I may have to go back an add it now.
The response by county officials is to shrug off these lapses, and offer the standard response that they don't think anyone has been the victim of fraud because of their negligence. How do they really know?
The security of personal information must have a much higher priority than the Board of Supervisors gives it. The board should be demanding that sensitive information not be put on laptops that can be easily stolen, or bundled up and dropped in the mail -- a packet that can be easily damaged during the mailing process.
Every year, tens of thousands of Californians become identity theft victims. Thieves create new credit card accounts with stolen Social Security numbers, then rack up huge expenditures on the cards before the victims notice.
[Evan] Tens of thousands of victims in California, yet people continue to tag breaches as "low risk".
In the San Joaquin Valley, methamphetamine users are glad that Fresno County doesn't have strong security procedures for personal data. Police tell us that 70% of Fresno's identity-theft cases are committed by meth addicts. They stay up for days finding ways to steal personal financial information.
Fresno County makes it easy for them.
Commentary:
Can you imagine the joy that many of these parents feel in bringing home a new baby boy or girl. Now imagine some of the joy being taken away because somebody unnecessarily exposed your personal details. It stinks that terrible security practices have the potential to affect personal lives.
Past Breaches:
Unknown
Date Reported:4/3/08
Organization:
Fresno County
Contractor/Consultant/Branch:
None
Victims:
New parents and babies
Number Affected:
279
Types of Data:
Names and Social Security numbers
Breach Description:
"Fresno County health officials say 279 birth certificate applications that list personal information of Valley babies and their parents are missing after they were mailed to the state. An envelope containing the birth certificate applications arrived at the the state Department of Public Health in Sacramento damaged, but with most of the forms missing."
Reference URL:
The Mercury News
The Fresno Bee
Report Credit:
The Associated Press
Response:
From the online sources cited above:
Fresno County health officials say 279 birth certificate applications that include the Social Security numbers of the babies' parents are missing.
[Evan] Thankfully, these babies do not have Social Security numbers yet, otherwise this adds a whole new dimension.
The state Department of Public Health told the county in February that an envelope containing 378 birth certificate applications from Fresno County had arrived damaged in Sacramento and that most were missing.
The forms contain information about babies born in six San Joaquin Valley hospitals, including their parents' names and Social Security numbers.
[Evan] Again, Social Security numbers used as personal identifiers in a manner that they were never designed for.
State officials called the incident a low risk for identity theft, but parents were notified about the missing forms.
[Evan] I wonder who makes the judgment call that terms this "low risk". Must be somebody that is well versed in risk management, right?
The Postal Service is searching for the items and trying to figure out where the certified letter was damaged.
Fresno Bee Opinion Column:
The latest screw-up by Fresno County is more evidence of how cavalierly county officials treat the public's sensitive personal information. No wonder identity theft is out of control. Our government, at all levels, is a major contributor to the problem.
Sending this information by mail may not have been the dumbest thing county officials have done lately, but it has to be right up there. Why wasn't this packet sent by courier or some other more secure means?
[Evan] Like encrypted on a CD or transferred over a secure network.
In February, county officials warned thousands of CalWORKs clients that they could be victimized after a laptop computer was stolen.
[Evan] We missed this one on The Breach Blog. I may have to go back an add it now.
The response by county officials is to shrug off these lapses, and offer the standard response that they don't think anyone has been the victim of fraud because of their negligence. How do they really know?
The security of personal information must have a much higher priority than the Board of Supervisors gives it. The board should be demanding that sensitive information not be put on laptops that can be easily stolen, or bundled up and dropped in the mail -- a packet that can be easily damaged during the mailing process.
Every year, tens of thousands of Californians become identity theft victims. Thieves create new credit card accounts with stolen Social Security numbers, then rack up huge expenditures on the cards before the victims notice.
[Evan] Tens of thousands of victims in California, yet people continue to tag breaches as "low risk".
In the San Joaquin Valley, methamphetamine users are glad that Fresno County doesn't have strong security procedures for personal data. Police tell us that 70% of Fresno's identity-theft cases are committed by meth addicts. They stay up for days finding ways to steal personal financial information.
Fresno County makes it easy for them.
Commentary:
Can you imagine the joy that many of these parents feel in bringing home a new baby boy or girl. Now imagine some of the joy being taken away because somebody unnecessarily exposed your personal details. It stinks that terrible security practices have the potential to affect personal lives.
Past Breaches:
Unknown
Posts Atom 1.0
Everyone makes mistakes, especially government organizations with thousands of employees, but this is unthinkable!
Reply to this