Lost data may have exposed 800,000 people in Calif

Mar 30, 2012 By SHAYA TAYEFE MOHAJER , Associated Press

(AP) -- A disaster preparedness exercise to ensure California's child support system could be run remotely went smoothly, except for one casualty: the names, Social Security numbers and other private records of about 800,000 adults and children.

Four computer storage devices for the California Department of Child Support Services went missing somewhere between Boulder, Colo., and Sacramento earlier this month while they were in the possession of IBM and Iron Mountain, Inc, the department announced Thursday.

The backup storage cartridges also contained addresses, driver's license numbers, names of health insurance providers and employers for custodial and non-custodial parents, and their children.

The cartridges had been sent to IBM's facility in Boulder as part of a disaster simulation, so the technology company could test whether it could run the state's child support system remotely, said Christine Lally, a spokeswoman for the state's Office of Technology Services.

After testing was completed successfully, the data cartridges were to be sent back to California. Typically, secure transportation for sensitive materials are provided to the state through Iron Mountain but the company doesn't fly, so FedEx transported the cartridges.

"We believe that the container was not properly secured, thus allowing the container to open and then spill out," Lally said.

IBM did not immediately respond to a call seeking comment.

The department has notified all those possibly affected by the March 12 data loss via mail, and has notified the three major credit reporting agencies, the state attorney general's office and the state Office of Privacy Protection.

The child support department is recommending that those affected by the breach place a on their credit cards, get copies of their credit reports and take other appropriate steps to protect their identities.

The agency's interim director, Kathleen Hrepich, says the incident won't affect the processing of child support cases.

There's a chance the information from the California Department of Child Support Services won't be accessible because a specialized machine is needed to run the cartridges the data is stored on, and special hardware and software are needed to read it, said Lally.

"(A data cartridge) is definitely not something that you or I could just pop into our laptop," Lally said.

Thursday's announcement isn't the first time massive amounts of personal information entrusted to IBM has been lost.

Last March, IBM informed insurer Health Net that the company could not find drives containing information for 1.9 million enrollees. The lost information included financial information, and health histories.

The state's contract with IBM for the disaster services contract began August 1, 2008, and expires July 31, 2012.

"Obviously, the California state agency picked IBM because it trusted its expertise in securing highly sensitive personal data," said Beth Givens, director of the Privacy Rights Clearinghouse.

"Unfortunately, we can't assume that our sensitive personal information is safeguarded to the extent that it should be," Givens said.

The San Diego-based organization tracks data breaches and estimates at least 550 million personal records have been breached since it began tracking them in 2005.

Explore further: Japan court orders Facebook to reveal revenge porn IP addresses

More information: www.childsup.ca.gov

1 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Security glitch exposes WellPoint data again

Jun 29, 2010

(AP) -- WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer's ...

Theft of data on 4M patients part of wider problem

Nov 18, 2011

The theft of a computer containing information on more than 4 million patients of a major Northern California health care provider may be among the largest breaches of health care data in recent years, but it's far from ...

Hackers breach UC Berkeley computer database

May 08, 2009

(AP) -- University of California, Berkeley, officials said Friday that hackers infiltrated restricted computer databases, putting at risk health and other personal information on 160,000 students, alumni and others.

Recommended for you

Kickstarter suspends privacy router campaign

Oct 20, 2014

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

User comments : 0