Identity Giveaway
By Allan Holmes | Friday, August 24, 2007 | 12:19 PM
By Allan Holmes | Friday, August 24, 2007 | 12:19 PM
It's one thing to have a hacker stealthily navigate past your firewall, slither by your intrusion detection software, and fiendishly gain access to a database to steal customers' personal information. It's another to have your operations department just send the information out through the mail.
That's exactly what the California Public Employees' Retirement System, better known as CalPERS, did this month when it sent about 400,000 brochures containing members' Social Security numbers clearly visible through the address window. A CalPERS spokesman downplayed the incident, saying the Social Security numbers printed on the brochure did not have hyphens, making it more difficult to identify the string of numbers as a Social Security number.
CalPERS sent a letter to members apologizing for the mistake and is conducting an investigation to find out why the SSNs were printed on the brochures. The organization also is providing privacy security awareness training for employees.
Hat tip: Pensions and Investments
Comments
I just had this happen to me. My dental insurance provider did this. They offered me free credit monitoring services for a year. Wow!! What a deal. How is that supposed to protect me? It will only alert me to someone using my identity within the next year. I will still have to fix their snafu and go through endless red tape if someone uses my SSN. I agree, these companies and organizations need to be held accountable. How would their CEOs like it if we published their SSNs for all the world to see? Maybe that should be their punishment.
JI | Tuesday, September 11, 2007 | 09:52 AMScary, Scary, Scary...we as consumers are trying to be aware, wary, and prudent...but, then those who have our information...they...have to be extra, exta, extra careful...or that shredder that I have that goes whir, whir, crunch, crunch deep into the night when I should be sleeping (cause I'm up shredding all the junk that has come in with my name on it) means absolutely nothing...
MsBelle | Wednesday, September 05, 2007 | 02:00 PMHey this just helps illegals get SS#'s so they can work legally in California doubt this was an accident
dan ketter | Friday, August 31, 2007 | 12:02 PMI still say that credit bureaus have MY information and they can not release ANY information about me unless I give them express written permission each and every time. Also, for the permission, the consumer receives a check for $100 for each permission. If the credit bureau provides unauthorized distribution of my information, they are liable for million dollar charges from me. Bottom line: the quickest method to eliminate this identify stealing is to hold these credit bureaus, as well as the retailer granting credit, liable big time. When million dollar judgments are won and the dollars flow into the consumers hands, this nonsense will stop.
Scott in Riverside, CA | Tuesday, August 28, 2007 | 11:51 PMStupid is as Stupid does
Catherine Thomas | Tuesday, August 28, 2007 | 06:41 PMHard to identify because there's no hyphens in the numbers...you think those hackers are stupid????...
roger p | Tuesday, August 28, 2007 | 12:39 PM Isn't unauthorized disclosure of this information an illegal act? Why are they allowed to collect the data in the first place if they are not capable of maintaining proper security of it?
How can I protect myself from identity theft when the people who are suppose to assist me in my efforts act against my interest? And when does the lamest of excuses, not even an apology excuse this breach of confidentiality?
Unbelieveable! New policies need to be in place that guarantee the privacy of personal information. Why put SSN's on the brochures in the first place? I am sure the person receiving the brochure know their SSN. This is not good. I agree holding leadership accountable and hosting training for all parties involved are the first steps to corrective action!
Wood | Tuesday, August 28, 2007 | 09:22 AMSuggest the responsible person's Supervisor and entire leadership chain be held accountable for this egregious breach of security. Believe it would set a precedent.
Lyle Johnson | Tuesday, August 28, 2007 | 08:42 AMAgain companies who put personal information on line without permission, have allowed it to possibly be compromised. Then tell consumers about providing security awareness training, why don't those responsible take the training.
C Conner | Tuesday, August 28, 2007 | 06:20 AM"Hard to recognize them as SSNs because there aren't any hyphens in the numbers" What a bunch of hogwash! If you live in the Golden State (trying to be polite), you have a real good idea of what a social security number looks like from your general area because the first three numbers are assigned by region. So, if the number in the envelope starts with "555" and your number is 554-something, it's a tip off as to what is inside.
Jerome C. Borden | Tuesday, August 28, 2007 | 01:30 AMABOUT THIS BLOG
Allan Holmes on what's happening and what's being discussed in the world of federal information technology.
feed