News & Resources

Californians concerned about identity theft after data breaches in two separate counties

Oct 26, 2013 Dave King

Two California districts recently alerted residents that their sensitive information had been compromised, putting them at risk of identity theft.

In Monterey County, hackers illegally accessed a government computer that contained the names, Social Security numbers, dates of birth and addresses of all social services program participants in the county between 2002 and 2009, according to a letter sent those affected. The county recommended that citizens whose data was breached set up fraud alerts and monitor their consumer credit data.

According to the Monterey Herald, the number of affected citizens is nearly 145,000, all of whom received assistance through the CalWorks, CalFresh, MediCal and Foster Care programs. Perhaps most worrisome is that the breached computer, despite being protected by password, remained connected to the state network while lying dormant since 2009. The director of the county's Department of Social Services, Elliott Robinson, assured residents that the hackers only had access to the information for less than 24 hours, the news source wrote, and that the computer was quickly taken offline while firewalls were installed on all other devices that contained the data of social programs participants.

Official San Mateo County computers stolen
A lower-tech data breach recently occurred at the Legal Aid Society of San Mateo County, 10 of whose laptops were stolen during an office break-in, the organization said in an official letter. Stored on the laptop were the names, Social Security numbers, dates of birth and medical information of patients receiving legal assistance from the nonprofit group of health care attorneys.

"We are sorry that this incident occurred and want to assure you we are carefully reviewing our procedures and practices to minimize the risk of recurrence," the Legal Aid Society told patients.

Improving those practices may mean the health law firm has to get down to basics. According to Healthcare IT News, the 10 stolen laptops were left unencrypted, meaning that thieves had only to break the login password to access the information. The news provider asked the Legal Aid Society of San Mateo how it planned to implement encryption practices going forward, but the organization declined to respond.

Meanwhile, the nonprofit exhorted its affected clients not only to check their consumer credit reports for suspicious activity, but also to ward against medical identity theft by checking that their insurers had not received fraudulent claims for health care services never rendered.

Since consumers trust philanthropic groups like the Legal Aid Society with their sensitive information, organizations in the sector should consider ensuring that they have the best solutions in place that protect the security of that data.