Confidential Connecticut Department of Labor mailing is missing
Technorati Tag: Security Breach
Date Reported:
6/2/08
Organization:
State of Connecticut
Contractor/Consultant/Branch:
Connecticut Department of Labor
Victims:
Customers
Number Affected:
2,160
Types of Data:
"personal information, including name, address and Social Security number"
Breach Description:
"WETHERSFIELD, The Connecticut Department of Labor is notifying approximately 2,100 customers that files containing copies of letters sent to them regarding their unemployment insurance claim cannot be located."
Reference URL:
Connecticut Department of Labor
Associated Press via The Hartford Courant
Newsday
Report Credit:
Connecticut Department of Labor
Response:
From the online sources cited above:
WETHERSFIELD, The Connecticut Department of Labor is notifying approximately 2,100 customers that files containing copies of letters sent to them regarding their unemployment insurance claim cannot be located.
the agency strongly believes that the letters were mistakenly shredded along with others that were being rightfully destroyed
Following an extensive search, it appears the copies were inadvertently shredded and destroyed on or before May 21
we feel it is in the best interest of our customers to be proactive in our efforts to ensure that personal information is not compromised
The files contained copies of letters dated from May 2 to May 20 informing applicants that they were ineligible for the unemployment insurance.
Copies of the letters, which must be kept on file for three years, contained personal information, including name, address and Social Security number.
[Evan] Why does a letter informing someone that they are not eligible for unemployment insurance require a Social Security number?
we do not believe information on these letters will be used in a manner that will compromise the security of these residents
we have arranged for two years of free preventative services through the Debix Identity Protection Network
[Evan] Two years is much better that the semi-standard one year given by many organizations. Government breaches tick me off a little more than most. One reason is the fact that taxpayers get to foot the bill.
We sincerely regret any inconvenience or concern that has been caused by this situation
the agency takes the protection of personal information very seriously and since last year, we have been working on additional security features for the state’s unemployment insurance compensation system
Since federal law mandates that we use the entire Social Security number in the course of business, we are looking at ways to encrypt that data and still comply with regulations.
[Evan] I am glad to read that the agency is considering encryption of confidential information (albeit late, better than never), but this is only feasible for electronic information. Encryption would not have provided any protection against this particular breach which involved printed confidential information, namely Social Security numbers. I think it is generally a poor business practice to send mail with Social Security numbers in print unless it is absolutely necessary. I don't think that federal law requires that these mailings include Social Security numbers.
Residents who receive a letter from the agency and who may have questions regarding the free protection service can contact Debix directly at . Those with questions about their Determination Letter can call the Labor Department’s Assistance Center at .
Commentary:
If the missing letters only contained the information necessary to communicate the required message, then the impact of this breach would be considerably smaller.
Information security personnel don't currently review mailed information prior to release in the companies I consult for. This breach gets me thinking about a potential risk that I may have missed in my assessments.
Past Breaches:
September, 2007 - Stolen laptop contains names and allegations in state DCF cases
August, 2007 - State of Connecticut Stolen Laptop
Date Reported:6/2/08
Organization:
State of Connecticut
Contractor/Consultant/Branch:
Connecticut Department of Labor
Victims:
Customers
Number Affected:
2,160
Types of Data:
"personal information, including name, address and Social Security number"
Breach Description:
"WETHERSFIELD, The Connecticut Department of Labor is notifying approximately 2,100 customers that files containing copies of letters sent to them regarding their unemployment insurance claim cannot be located."
Reference URL:
Connecticut Department of Labor
Associated Press via The Hartford Courant
Newsday
Report Credit:
Connecticut Department of Labor
Response:
From the online sources cited above:
WETHERSFIELD, The Connecticut Department of Labor is notifying approximately 2,100 customers that files containing copies of letters sent to them regarding their unemployment insurance claim cannot be located.
the agency strongly believes that the letters were mistakenly shredded along with others that were being rightfully destroyed
Following an extensive search, it appears the copies were inadvertently shredded and destroyed on or before May 21
we feel it is in the best interest of our customers to be proactive in our efforts to ensure that personal information is not compromised
The files contained copies of letters dated from May 2 to May 20 informing applicants that they were ineligible for the unemployment insurance.
Copies of the letters, which must be kept on file for three years, contained personal information, including name, address and Social Security number.
[Evan] Why does a letter informing someone that they are not eligible for unemployment insurance require a Social Security number?
we do not believe information on these letters will be used in a manner that will compromise the security of these residents
we have arranged for two years of free preventative services through the Debix Identity Protection Network
[Evan] Two years is much better that the semi-standard one year given by many organizations. Government breaches tick me off a little more than most. One reason is the fact that taxpayers get to foot the bill.
We sincerely regret any inconvenience or concern that has been caused by this situation
the agency takes the protection of personal information very seriously and since last year, we have been working on additional security features for the state’s unemployment insurance compensation system
Since federal law mandates that we use the entire Social Security number in the course of business, we are looking at ways to encrypt that data and still comply with regulations.
[Evan] I am glad to read that the agency is considering encryption of confidential information (albeit late, better than never), but this is only feasible for electronic information. Encryption would not have provided any protection against this particular breach which involved printed confidential information, namely Social Security numbers. I think it is generally a poor business practice to send mail with Social Security numbers in print unless it is absolutely necessary. I don't think that federal law requires that these mailings include Social Security numbers.
Residents who receive a letter from the agency and who may have questions regarding the free protection service can contact Debix directly at . Those with questions about their Determination Letter can call the Labor Department’s Assistance Center at .
Commentary:
If the missing letters only contained the information necessary to communicate the required message, then the impact of this breach would be considerably smaller.
Information security personnel don't currently review mailed information prior to release in the companies I consult for. This breach gets me thinking about a potential risk that I may have missed in my assessments.
Past Breaches:
September, 2007 - Stolen laptop contains names and allegations in state DCF cases
August, 2007 - State of Connecticut Stolen Laptop
Posts Atom 1.0
Confidential Connecticut Department of Labor mailing is missing
The labor department of connecticut state has full of confidential files.
The department is also working in confidential only.
so, how that incident was happened?
The files are so confident the department officers are leaked out the confidential matters.
**************************************
ferrari123
http://www.addictionrecovery.net/connecticut
Addiction Recovery Connecticut
Reply to this