Online attack puts 1.4 million records at risk
By Robert Lemos
Staff Writer, CNET News.com
Published: October 20, 2004, 5:36 PM PDT
An August intrusion into a social researcher's computer may mean that more than a million Californians need to call the credit bureaus.
On Tuesday, the California Department of Social Services warned the providers and recipients of the state's In Home Support Services (IHSS) that their names, addresses, telephone numbers, Social Security numbers and dates of birth may be circulating the Internet. IHSS allows individuals to get paid for providing in-home care to senior citizens.
The warning comes after an unknown attacker slipped in through a security hole in a social researcher's unsecured computer at the University of California, Berkeley, on Aug. 1, perhaps making off with 1.4 million database records containing personal information. The researcher noticed the trespass on Aug. 30 and the university notified the state in mid-September.
• Incident: Personal records on a UC Berkeley computer may have been compromised
• Affected: Up to 1.4 million providers and clients of the California Department of Social Services
• So far: The state says there's no sign the data was stolen or misused
• Steps: Those affected are warned to contact the major credit bureaus and put warnings on their credit card accounts
• For more information: See the DSS site. "We have only determined that the computer itself was accessed," said Carlos Ramos, assistant secretary at the California Health and Human Services Agency. "We haven't determined that the data was accessed."
The FBI and the California Highway Patrol--the state police agency--are investigating the incident, the California DSS stated.
The intrusion is not the first to net personal information at a university. A laptop stolen from the University of California, Los Angeles, exposed about 145,000 people's data. Last year, the Georgia Institute of Technology and the University of Texas at Austin fell prey to online attackers. The California Employment Development Department also may have exposed 55,000 names in February.
In the latest case, a UC Berkeley researcher had lawfully obtained the information as part of a research project into the effectiveness of the IHSS program. However, he had not followed policy that specified that sensitive information, such as Social Security numbers, be removed from the database.
The participants may not have known that their information would be shared, but the DSS is allowed by law to share the information for the purpose of research.
While about 1.4 million records may have been compromised, there also may have been many duplicates, Ramos said. The researcher had the initial database and several updates that brought the total to 1.4 million records, but many of the updates may have been updates of earlier personal information already in the database, he said.
The state stressed in its statement that officials had not received any information indicating that identity theft or misuse of data had occurred. However, the state also recommended that members of the IHSS program contact the three credit bureaus and place a fraud alert on their credit accounts.
A recent survey of online users found that 80 percent are concerned that someone may steal their identity. The survey, fielded by pollster Greenfield Online and security firm Entrust, found that 65 percent of respondents said increased identity protection would influence their decision in selecting a financial institution.
The California government's recommendations for potential victims of the data theft underscore how little people can do to curb the illegal use of their information. While putting credit accounts on fraud alert may make it harder to co-opt financial accounts, forget trying to change a Social Security number, the DSS stated.
"There are drawbacks to doing so, since it may result in losing your credit history, your academic records and professional degrees," the department said in a statement. "The absence of any credit history under a new SSN would make it difficult to get credit, continue college, rent an apartment, open a bank account, get health insurance... In most cases, getting a new SSN would not be a good idea."
- General Discussions, Forum Registration, and ID Theft and Credit-Related News Stories
- General Discussion
- News Stories on Identity Theft, Personal Data Thefts and Credit Reporting Abuses
- Current Cases
- Lawyer Jokes
- FCRA Statute and Defined Terms Under the FCRA
- FCRA Statute And Amendments: 15 U.S.C. 1681, et. seq.
- What is a Consumer [Credit] Reporting Agency?
- What is a Consumer [Credit] Report?
- Resellers: Who are They? What Do They Do? Are They Liable Under the FCRA?
- Investigative Consumer [Credit] Reports
- Who is a Furnisher?
- How to Get Your Credit Reports and How and Who to Write Your Dispute Letters to
- How To Get Your Credit Reports
- Dispute Letters
- Do You Have To Pay For Your Credit Report?
- FCRA Private Rights of Action and Duties Imposed by the FCRA
- Impermissible Access: 15 U.S.C. 1681b[f] and 1681q
- Front End Duties of the Credit Reporting Agencies: 15 U.S.C. 1681e(b)
- Back End Duties of the CRAs: 1681i[a]:
- Credit Bureau's Duty to Provide Consumer Documentation to Furnisher: 1681i[a][B]
- Duty to Add a Consumer's Dispute Statement in Association with a Specific Account and In Connection with the Credit File/Report: 15 U.S.C. 1681i[c]
- Furnisher FCRA Liability: 15 U.S.C. 1681s-2
- Failing to Mark Contested Accounts As Disputed: 15 U.S.C. 1681s-2[a]
- Obsolescence: When Must the Credit Reportings Come Off of the Credit Report: 15 U.S.C. 1681c
- Duty to Notate Disputed Accounts As Such: 15 U.S.C. 1681c[f]
- Adverse Action Notice Rules: 15 U.S.C. 1681m and ECOA
- Credit Solicitations Are Required to be Clear and Conspicuous: 1681m[d]
- Potential Exposure For Sanctions Due to Filing Bad Faith FCRA Cases: 15 U.S.C. 1681n[c], 28 U.S.C. 1927, and Fed.R.Civ.Proc. 11
- Credit Repair Organizations Act [CROA]
- 1681g: Credit Bureaus' Duties to Provide Reports/Disclosures and to Add 100 Word Statements of the Consumer
- Affiliate Sharing Problems and Violations, 15 U.S.C. 1681s-3
- Common Credit Report Errors and Agency Misconduct
- Credit Errors
- Theft of Identity
- Mixed File Cases
- Re-Aging: Debt Collector's Efforts to Revive Obsolete Reportings
- Reinsertion of Previously Deleted Data: How and When Can It Happen?
- VIP Databases and Offline Status
- Deceased Reporting Cases
- Causation: The Crucial Link Between Breach of a Duty and Damages
- Causation to Damage [Proving Your Damages Are Related to and Caused by the Defendants
- Types of Damages, Remedies, and Awards Under the FCRA and Related State Law Claims
- Damages Under FCRA
- Punitive Damages: 15 U.S.C. 1681n
- Injunctive Relief: FCRA and State Law
- Attorneys' Fees, Litigation Expenses and Costs:
- Declaratory Relief Under the FCRA
- What is Your Potential Case Worth? Other Case Verdicts, etc.
- FCRA Jury and Bench Trial Verdicts
- Other Federal Laws Related to Credit Reporting, Data Privacy, Billing Errors and ID Theft
- FDCPA Statute And Amendments: 15 U.S.C. 1692, et. seq.
- Fair Credit Billing Act, 15 U.S.C. 1666, et. seq.
- Identity Theft and Assumption Deterrence Act of 1998, 18 U.S.C. §1028
- Home Affordable Modification Program (“HAMP”) and Home Affordable Foreclosure Alternatives Program (“HAFA”)
- State Law Claims Related to Credit Reporting, Billing Errors, Privacy Breaches and ID Theft
- Invasion of Privacy: State Law
- Defamation: State Law
- Interference With Prospective Credit: State Law
- Interference With Marital/Family Relations: State Law
- Infliction of Emotional Distress/Mental Anguish: State Law
- Data Breach Claims and Issues
- Unfair and Deceptive Trade Practices Claims: State Law
- Jurisdiction, Venue, Removal to Federal Court, Remand to State Court, and Other Pre-Trial Jurisdicti
- Removal of FCRA Cases From State Court To Federal Court
- Personal Jurisdiction and Venue in Credit Reporting Cases
- FCRA Litigation Strategies and Procedural Issues and Law
- Settlements, Releases, Prevailing Party Status, and Other Things You Need to Know If You Resolve Your Case Before Judgment
- Offers of Judgment In FCRA Litigation
- Secret Documents, Product Information and Testimony
- Choicepoint Secret Documents:
- Equifax/CSC and Affiliates Secret Documents:
- Experian Secret Documents
- Innovis Secret Documents:
- Trans Union Secret Documents
- Furnisher and Public Records Suppliers Secret Documents
- Respondeat Superior, Vicarious Liability, and Whether Others Are Liable
- Liability For Employee's FCRA Violations? Liability For FCRA Violations by Third Parties?
- FCRA Preemption, Immunity, and Qualified Immunity
- FCRA Preemption: 15 U.S.C. 1681t[b][F] and Related Discussions
- FCRA Qualified Immunity: 15 U.S.C. 1681h[e] and Related Discussions
- States/Govermental Immunity From FCRA Claims?
- Jury Voir Dire, Instructions, Verdict Forms, etc.
- Jury Instructions and Jury Verdict Forms
- Jury Questionnaires, Voir Dire, Jury Selection and Jury Bias
- Credit Card Issues
- Credit Card Liabilities
- Do You Have a Right to Bring Claims and How Long Do You Have?
- Statute Of Limitation: 15 U.S.C. 1681p
- Standing to Sue
- Credit Scores, Adverse Action Codes, and Other Report Codes
- Credit Scores, Adverse Action Codes, Risk Factors, Denial Codes and Other Scores and Codes Supplied by the Credit Reporting Agencies
- The Mechanics of Credit Reporting
- Public Records Reportings [Non-Bankruptcy]
- Bankruptcy Reporting
- Student Loan Credit Reporting
- Metro Tape [I and II]: Standardized Credit Reporting Formats Used by the Credit Industry
- Defenses Asserted by Credit Reporting Defendants
- What Law Applies? Problems Barring Use of the Court and Law
- Arbitration, Forum Selection, Choice of Law, Choice of Venue and Other Adhesionary Clauses
- Conflicts of Laws Issues in FCRA and Related State Law Issues
- Standing and Statutes of Limitations
- Statute Of Limitation: 15 U.S.C. 1681p
- FCRA Legal Forms [Suits, Discovery, etc.]
- Discovery: Interrogatories, Requests For Production of Documents, Requests to Inspect, Requests For Admissions, Deposition Notices, Subpoenas, Deposit
- FCRA Sample Pleadings: Complaints, Motions, Oppositions and Other Standard Lawsuit Filings
- Defenses Frequently Asserted by Defendants to Consumer's Actions
- FCRA Class Actions and Class Issues
- FCRA Class Actions
- Special Evidentiary Issues: What is Evidence?
- Evidentiary Issues in FCRA Cases
- Expert Witnesses, Special Issues and Daubert and Related Challenges
- Appellate Issues, Rules, Law, Etc.
- Defenses Asserted by Industry and Abuse Stories
- Defense Counsel Abuses and War Stories
- Law Outlines: Various Topics
Who is online
Users browsing this forum: No registered users and 2 guests