On Tuesday, the California Department of Social Services warned the providers and recipients of the state's In Home Support Services (IHSS) that their names, addresses, telephone numbers, Social Security numbers and dates of birth may be circulating the Internet. IHSS allows individuals to get paid for providing in-home care to senior citizens.
The warning comes after an unknown attacker slipped in through a security hole in a social researcher's unsecured computer at the University of California, Berkeley, on Aug. 1, perhaps making off with 1.4 million database records containing personal information. The researcher noticed the trespass on Aug. 30 and the university notified the state in mid-September.
• Incident: Personal records on a UC Berkeley computer may have been compromised
• Affected: Up to 1.4 million providers and clients of the California Department of Social Services
• So far: The state says there's no sign the data was stolen or misused
• Steps: Those affected are warned to contact the major credit bureaus and put warnings on their credit card accounts
• For more information: See the DSS site.
"We have only determined that the computer itself was accessed," said Carlos Ramos, assistant secretary at the California Health and Human Services Agency. "We haven't determined that the data was accessed."
The FBI and the California Highway Patrol--the state police agency--are investigating the incident, the California DSS stated.
The intrusion is not the first to net personal information at a university. A laptop stolen from the University of California, Los Angeles, exposed about 145,000 people's data. Last year, the Georgia Institute of Technology and the University of Texas at Austin fell prey to online attackers. The California Employment Development Department also may have exposed 55,000 names in February.
In the latest case, a UC Berkeley researcher had lawfully obtained the information as part of a research project into the effectiveness of the IHSS program. However, he had not followed policy that specified that sensitive information, such as Social Security numbers, be removed from the database.
The participants may not have known that their information would be shared, but the DSS is allowed by law to share the information for the purpose of research.
SponsoredWhite Papers, Webcasts, and Downloads
- SharePoint: How It's Leveraged and How It Works Global Knowledge
- Using Emotional Intelligence in the Technical Professions Global Knowledge
- 2008 IT Salary and Skills Report Global Knowledge
- Talkback
- Most Recent of 9 Talkback(s)
- Thread View
- Flat View
- Why give anyone data with Soc Sec #s?
- Haven't you gave your Social Security number to anyone? E.G., one of the employees in your employer's personnel department? Do yopu really trust ALL of that department's employees? Have they ever repl... (Read the rest)
- Posted by: hadaso Posted on: 10/22/04 You are currently: Logged In | Log out
 WTF Give the researcher data with Soc Sec #s Squawkbox | 10/20/04 |
  Why give anyone data with Soc Sec #s? hadaso | 10/22/04 |
| Second time around Roger Ramjet | 10/21/04 |
| Why assume Windows (not windoze - doesn't exist) Confused by religion | 10/21/04 |
 I try not to troll Roger Ramjet | 10/21/04 |
| Berlind admits it Roger Ramjet | 10/21/04 |
| UC Berkely Yagotta B. Kidding | 10/21/04 |
| Lawsuits, criminal charges, fines, prison. It should all happen BitTwiddler | 10/21/04 |
| California policy violates federal law? csomervi | 10/21/04 |
