Wednesday, December 19, 2012

California Erred in Publishing Thousands of Social Security Number Online

In just five months following its first security breach, the State of California has again erroneously published thousands of Social Security numbers online.

According to recent news reports, California’s Department of Health Care Service officials admitted that it mistakenly posted online some 14,000 Social Security numbers belonging to Medi-Cal providers working for In-Home Supportive Services from 25 counties in California.

The Medi-Cal providers’ personal social security information have been available to anyone on the state’s Medi-Cal website for nine days until the mistake was discovered and eventually taken down.

In its statement quoted below, the Department of Health Care Services’ spokesperson said:

“This was inadvertent and we sincerely regret this has happened.”

Incidentally, last July, the same incident occurred when a database breach by the Department of Social Services put around 750,000 providers’ personal information at risk.

During that time, the state offered to provide free credit monitoring for several months and then pledged that the problem would never happen again—until this recent glitch.

Consequently, many owners of the Social Security numbers exposed online are now concerned about becoming victims of identity theft. In addition, the second incident of security breach has created a dispute regarding the state’s ability to safeguard sensitive information like Social Security numbers.

For the second time around, the state’s Department of Health Care Services again pledges to take some very strong action to help deal with the problem. It can be remembered that the agency did the same action before, when it offered additional year of free credit-monitoring service and some precautionary steps to protect such information more diligently.

However, in a statement released by a Los Angeles permanent disability lawyer, he claimed that it cannot be always that way that whenever the state committed such mistake, it would simply make a pledge. The same lawyer stressed that something must be done at once to avoid such leak of confidential information. “People need action and not promises,” he added.