Data on 2.9 million Georgians goes missing

A CD containing personal information on Georgia residents has gone missing, according to the Georgia Department of Community The CD was lost by Affiliated Computer Services, a Dallas company handling claims for the health care programs, the statement said. The disc holds information on 2.9 million Georgia residents, said Lisa Marie Shekell, a Department of Community Health representative.

It is unclear if the data on the disc, which was lost in transit some time after March 22, was protected. However, it doesn't appear the data has been used fraudulently. "At this time, we do not have any indication that the information on the disk has been misused," Shekell said.

In response to the loss, the Georgia Department of Community Health has asked ACS to notify all affected members in writing and supply them with information on credit watch monitoring as well as tips on how to obtain a free credit report, it said.

There has been a string of data breaches in recent years, many of which were reported publicly because of new disclosure laws. About 40,000 Chicago Public Schools employees are at risk of identity fraud after two laptops containing their personal information were stolen Friday.

Last week, the University of California at San Francisco said a possible computer security breach may have exposed records of 46,000 campus and medical center faculty, staff and students.

Since early 2005, more than 150 million personal records have been exposed in dozens of incidents, according to information compiled by the Privacy Rights Clearinghouse.

Identity fraud continues to top the complaints reported to the Federal Trade Commission. Such complaints, which include credit card fraud, bank fraud, as well as phone and utilities fraud, accounted for 36 percent of the total 674,354 complaints submitted to the FTC and its external data contributors in 2006.

[bob donut]

Why do they put these things in hard form?

Every so often you hear abotu a laptop or a CD being stolen with ALL the data for a company or government. Why do they still continue to put their eggs in one basket?

The problem isn't that the disk was stolen, the problems is that there was a disk in the first place.

[suyts]

no doubt

I makes you wonder if anyone there in the IT dept. ever heard of a data server. You know, a place to store data and back it up to some place secure. What are those morons doing? If stuff like this keeps happening, we(people in the tech industry) are going to be micro-managed by the feds and state. Fire the dumb-as*** responsible.

[jgaryt]

hard copy

It is unfortunate, but data is still required to be put into a format for importing or archiving purposes. However, many tools exist to protect that data in the event of a loss or breach of security. Simple whole disk encryption or passworded/encrypted zip technology is easily available, but the real issue is that most agencies and organizations don't have the appropriate policies and procedures in place, and the ones that do, often don't have the appropriate levels of training.

Data must exist somewhere, and it's going to be put on laptops, desktops, PDA's, CD's tapes and disks as long as we have to find ways to share information. Education is the key to protect these assets.

[Schratboy]

Removable media security

The hospital types want to have access to their information so dropping files onto a mem-stick of cd is fast and easy. They just assume that it won't leave their person or that it won't ever fall into another person's hands. The IT managers and Purchasing types won't spend the cash for media encryption so they leave the PHI exposed....seriously exposed. HIPAA stipulates protection of these types of devices with encryption so the execs and admins should be appropriately fined and rebuked...They're just too casual in how they treat other people's information. But, then again, they already got paid so they don't really care.

[wbenton]

Stupid is as stupid does!

If they had strong ISMS Security Policies in place, they would have KNOWN for surewhether the data was adequately protected.

If they had strong Security Policies in place, they would not have misplaced the disk in the first place.

By the way, what is an external company doing with internal private information?

Security should NEVER be outsourced!!!

Many think that security is too costly, but if you look at the loss of image/business, claims and credit reporting fees... implementing the "too costly" security tends to look like a bargain deal!!!

Walt