700,000 Affected in Home Care BreachProvider and Recipient Information Lost
Personal information for more than 700,000 home care providers and recipients was lost in the mail, according to the California Department of Social Services.
See Also: The 5 Foundational DevOps Practices
A box containing the information stored on microfiche arrived damaged at a state office with some of the contents missing, CDSS said.
On May 9, CDSS was notified by Hewlett Packard that part of its shipment of payroll data for home care providers was missing, according to a May 11 release from the department. HP mailed the package through the U.S. Postal Service to the State Compensation Insurance Fund, located in Riverside, the release states.
The personal information includes the home care provider's name, Social Security number, case number, provider number and amount of wages for the period of October through December 2011. Home care recipients' state employer identification numbers were also listed.
Although the state confirms data on 700,000 was affected, it did not offer a breakdown. The Los Angeles Times reports data on 375,000 providers and 326,000 recipients was involved.
In a FAQ posted on its website, CDSS explains that the package containing the sensitive information was mailed from a Hewlett Packard processing center between April 26 and May 1, 2012. It arrived damaged and the information in the package was "incomplete upon delivery to the State Compensation Insurance Fund."
CDSS is working with contractors to implement additional security practices for transporting sensitive information and is in the process of "establishing new systems and processes that will eliminate the need for transporting this type of information in the future," the release says.
A letter is being sent to affected individuals, which will include steps to take to monitor for fraud. "We also recommend that you regularly review activity on your credit card accounts and report any errors, incorrect information or unauthorized activity to your credit card company," the statement says.
The announcement didn't mention whether CDSS would be providing free credit monitoring services to victims.