On Friday, state officials said that personal information about more than 700,000 individuals who provide or receive home care under California's In-Home Supportive Services program might have been compromised while being transported in the mail, the Los Angeles Times reports (Megerian, Los Angeles Times, 5/12).
IHSS provides services for the elderly and people who are blind or have disabilities (California Healthline, 3/20).
The breach occurred when Hewlett Packard -- which handles payroll data for IHSS workers -- shipped information to an office in Riverside on April 26. The package arrived on May 1 damaged and incomplete.
Oscar Ramirez -- a spokesperson for the Department of Social Services -- said microfiche containing the data was missing from the shipment when it was delivered (Los Angeles Times, 5/12). He said it is unknown whether the information was lost or stolen (AP/San Jose Mercury News, 5/12).
The possibly compromised information -- dated from October 2011 to December 2011 -- included information on about 375,000 IHSS workers, such as:
- Social Security numbers; and
In addition, the data included state identification numbers for 326,000 care recipients.
According to Ramirez, the state has opened an internal investigation and notified law enforcement of the breach (Los Angeles Times, 5/12). Officials are notifying residents who could be affected by the incident (AP/San Jose Mercury News, 5/12).
Reaction to Breach
According to the Times, home care advocates and union officials were alarmed by the procedure for transporting sensitive personal data.
Steve Mehlman, a spokesperson for a labor union representing 65,000 home care workers, said, "It's hard for us to believe that in one of the largest states in the union, we're using such an antiquated system." He noted that the system "clearly needs to be modified."
Michael Cox, a spokesperson for Service Employees International Union, said the fact that such "primitive security measures are still in place is inexplicable" (Los Angeles Times, 5/12).