A paper jam exposes Pennsylvania welfare information
Technorati Tag: Security Breach
Date Reported:
8/25/08
Organization:
State of Pennsylvania
Contractor/Consultant/Branch:
Department of Public Welfare
Department of General Services
Victims:
Welfare recipients
Number Affected:
2,845
Types of Data:
Welfare renewal packets containing sensitive personal information, in some cases including Social Security numbers
Breach Description:
"Paper jams in a mail-inserting machine caused 2,845 welfare benefit renewal packets to go to the wrong Pennsylvania welfare clients' homes, and nearly half included the Social Security numbers of the intended recipients."
Reference URL:
The Patriot-News (original)
The Patriot-News (follow-up)
Report Credit:
Jan Murphy, The Patriot-News
Response:
From the online sources cited above:
Letters were mailed Monday by the state Department of Public Welfare informing welfare clients that their personal information was breached last week.
[Evan] This is another breach reported by a government entity. This is the 5th breach from the Pennsylvania state government reported on The Breach Blog in the past 12 months.
Paper jams in a state Department of General Services mail inserter caused 2,845 benefit renewal packets to go to the wrong Pennsylvania welfare client's home.
[Evan] Mechanical devices will malfunction from time to time, its almost natural. Little surpise.
The packets were mailed on Aug. 18 and "got out of sync" when paper jams in the mail inserter were cleared by an operator
Nearly half of them included the intended recipients' Social Security numbers.
[Evan] This is the one point that I take the most exception with. Why, in this day and age, are Social Security numbers sent on these forms? What value does it provide to the process and at what risk? If these forms did not contain Social Security numbers, this incident would almost not be worth mentioning. I am a little miffed that this point was not even raised in the reference article.
Within three days, county assistance offices began receiving calls from welfare recipients about receiving benefit renewal packets intended for someone else.
The department also placed a 90-day fraud alert on the credit reports of 1,280 people whose Social Security numbers were shared through the mistake in the state Department of General Services' print shop
"We're taking it very seriously," said Anne Rung, deputy secretary for administration and procurement for General Services.
Rung said department officials are working with the inserter manufacturer, Guenther, to determine how the problem occurred.
[Evan] This is fine from a process perspective, but it does not address the root cause of the breach. Why are Social Security numbers printed on forms sent in the mail? Even if the printing process went smoothly, the Social Security numbers are still exposed to the printers, the mailing operators, handlers, mail carriers, etc. Well, I suppose they would be protected by an envelope.
It also is now handchecking every 50th packet to be sure it is going to the correct address, she said.
Mail inserter operators also will receive additional training.
"In this case, it sounds like they at least notified the potential victims of identity theft promptly," said Senate Republican spokesman Erik Arneson.
"That's a significant improvement from the three incidents which happened last year."
Commentary:
I get a general feeling that there is not enough attention directed towards addressing the main issue, that being ensuring "adequate" protection of sensitive information. Does the "business case" for printing Social Security numbers outweigh the risks. This is obviously a business decision.
The fundamental question; What does this state do to protect the confidential information belonging to it's citizens?
Past Breaches:
September, 2007 - PA Department of Public Welfare Computers Stolen with 375000 Citizens Affected
September, 2007 - Another stolen State of Pennsylvania laptop
December, 2007 - Another stolen Pennsylvania DPW computer, more victims
December, 2007 - Pennsylvania Department of Aging seniors affected by stolen laptop
Date Reported:8/25/08
Organization:
State of Pennsylvania
Contractor/Consultant/Branch:
Department of Public Welfare
Department of General Services
Victims:
Welfare recipients
Number Affected:
2,845
Types of Data:
Welfare renewal packets containing sensitive personal information, in some cases including Social Security numbers
Breach Description:
"Paper jams in a mail-inserting machine caused 2,845 welfare benefit renewal packets to go to the wrong Pennsylvania welfare clients' homes, and nearly half included the Social Security numbers of the intended recipients."
Reference URL:
The Patriot-News (original)
The Patriot-News (follow-up)
Report Credit:
Jan Murphy, The Patriot-News
Response:
From the online sources cited above:
Letters were mailed Monday by the state Department of Public Welfare informing welfare clients that their personal information was breached last week.
[Evan] This is another breach reported by a government entity. This is the 5th breach from the Pennsylvania state government reported on The Breach Blog in the past 12 months.
Paper jams in a state Department of General Services mail inserter caused 2,845 benefit renewal packets to go to the wrong Pennsylvania welfare client's home.
[Evan] Mechanical devices will malfunction from time to time, its almost natural. Little surpise.
The packets were mailed on Aug. 18 and "got out of sync" when paper jams in the mail inserter were cleared by an operator
Nearly half of them included the intended recipients' Social Security numbers.
[Evan] This is the one point that I take the most exception with. Why, in this day and age, are Social Security numbers sent on these forms? What value does it provide to the process and at what risk? If these forms did not contain Social Security numbers, this incident would almost not be worth mentioning. I am a little miffed that this point was not even raised in the reference article.
Within three days, county assistance offices began receiving calls from welfare recipients about receiving benefit renewal packets intended for someone else.
The department also placed a 90-day fraud alert on the credit reports of 1,280 people whose Social Security numbers were shared through the mistake in the state Department of General Services' print shop
"We're taking it very seriously," said Anne Rung, deputy secretary for administration and procurement for General Services.
Rung said department officials are working with the inserter manufacturer, Guenther, to determine how the problem occurred.
[Evan] This is fine from a process perspective, but it does not address the root cause of the breach. Why are Social Security numbers printed on forms sent in the mail? Even if the printing process went smoothly, the Social Security numbers are still exposed to the printers, the mailing operators, handlers, mail carriers, etc. Well, I suppose they would be protected by an envelope.
It also is now handchecking every 50th packet to be sure it is going to the correct address, she said.
Mail inserter operators also will receive additional training.
"In this case, it sounds like they at least notified the potential victims of identity theft promptly," said Senate Republican spokesman Erik Arneson.
"That's a significant improvement from the three incidents which happened last year."
Commentary:
I get a general feeling that there is not enough attention directed towards addressing the main issue, that being ensuring "adequate" protection of sensitive information. Does the "business case" for printing Social Security numbers outweigh the risks. This is obviously a business decision.
The fundamental question; What does this state do to protect the confidential information belonging to it's citizens?
Past Breaches:
September, 2007 - PA Department of Public Welfare Computers Stolen with 375000 Citizens Affected
September, 2007 - Another stolen State of Pennsylvania laptop
December, 2007 - Another stolen Pennsylvania DPW computer, more victims
December, 2007 - Pennsylvania Department of Aging seniors affected by stolen laptop
Posts Atom 1.0
Comments