Second Data Leak in the State of California


When people’s personal information, such as passwords, bank info, home address, gets published, people immediately think that the system was hacked and the hackers were the ones responsible for the leak.  But what if your social security number gets published by a government agency–because of human error–how would you feel?  Would you still trust the government to handle your information?

A KCRA investigation revealed that the State of California mistakenly published thousands of social security numbers on the internet that includes Medi-Cal providers in 25 California counties, including Amador, Calaveras, Colusa, Nevada, Placer, Sutter, Tuolumne and Yuba.

Officials of the Department of Health Care Services admitted posting nearly 14,000 Social Security numbers belonging to Medi-Cal providers working for In-Home Supportive Services, which was available on the state’s Medi-Cal website for nine days, from November 5-14, and after being taken down, a search for the SSNs on Google were still available for six more days.  They made sure that the data was no longer available on Google or any other search engines.

Karen Johnson, chief deputy director for the DHCS, said in a letter that they apologize for the leak and assured people that though SSNs were made public, they doubt that it would be used by unauthorized people.  But all it takes for people to steal another person’s identity is to have access to their SSN, then everything else will easily follow.

This is the second time that a breach happened at the IHSS as earlier this year, 750,000 in-home care providers and their clients were put at risk when their data payroll data were put on an unencrypted microfiche tape, sent it via US mail to another office, the package got lost somewhere along the way, and when it finally came, the package was was damaged and some sensitive information was missing.  The data in the microfiche tape included names and Social Security numbers for 325,000  homecare providers and the employer identification numbers for almost 400,000 clients.

William Reed, executive vice president of United Domestic Workers, the union representing in-home care workers, stated, “[I]s anybody at the helm?  You know, do they really know what they are doing? And do they really care about safeguarding that information?”

And he is absolutely right.  If the government is this careless about handling sensitive information, how can the people trust them when they say that everything will be okay and accounted for?  That just doesn’t make any sense.