backtop

Print 15 comment(s) - last by security buff.. on Feb 10 at 8:23 PM
Kaiser Permanente has suffered a security breach and the personal information of 30,000 California employees has been compromised

Almost 30,000 Kaiser Permanente employees working in northern California will be receiving notification letters this weekend informing them of a major security breach that has taken place causing their personal information to be compromised.

The information includes names, addresses, Social Security numbers, and dates of birth for the Kaiser employees.

A press release issued by Kaiser indicated police officers have arrested a person who had computer files with Kaiser human resources information, and that person was arrested in late December.  

Mia Garza was arrested by San Ramon police on December 23 and now faces two charges of receiving stolen property, two counts identity theft, and two counts of forgery.  It remains unclear how Garza came to possess the Kaiser files, and police officials haven't speculated how she came into possession of the computer data.

"We immediately launched an internal investigation and are working to determine the source of this breach, and we are working closely with law enforcement in their investigation," the company said in a statement. "To our knowledge, only a handful of employees have reported identity theft."

The company isn't sure how the data breach occurred or how many employees have been affected, except for a "handful."  Kaiser patients haven't been compromised, and individual medical records are still secure.

Kaiser is now offering northern California employees one year of free credit monitoring for all those affected.  The insurance company is recommending all employees place a fraud alert on their credit lines and to order copies of credit reports as soon as possible.

When companies announce data breaches this size, it’s normally customers and patients who have been compromised, not employees.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Can our data be completely secure?
By roostitup on 2/8/2009 3:10:36 PM , Rating: 2
At this point, with all the data breaches that have been occuring (British gov't, World Bank & etc.) how could we ever trust giving our information to anyone? These "high security" data servers are being breached all the time now and I'm beginning to believe that our information isn't even safe with "trustworthy" sources. The sad thing is, we can't escape it! No matter what we do there are many places that NEED our private information to process & identify us, so it's somewhat like a vicious cycle that no matter how much we don't want to give out our information, we HAVE to! I know I've filled out many forms for jobs, drivers licenses, doctor visits & etc that require me to write down my SSN & other private information to allow me to continue when I would much rather not release it. No matter what we do we have to eventually give our information out and enevitably that information will get put into a computer database that (at the pace of things) will eventually get comprimised. Since we HAVE to use our private information to get anywhere we need to greatly improve our security measures & with this economy it doesn't seem like security will get improved very much either. I don't even trust the governments security anymore. This is quite a problem that NEEDS to be looked at and improved or many more of us will get screwed out of our private information.




RE: Can our data be completely secure?
By JediJeb on 2/8/2009 3:23:25 PM , Rating: 2
The thing that most people don't know is that it is actually illegal for anyone to require your SSN except for when they are dealing with taxes and such ( employment, bank loans ect.) If a merchant asks for your SSN you can make them take an alternate form of ID such as a Credit Card number or Drivers License Number. Here in Kentucky the state had to stop using the SSN for the Drivers License number because someone took them to court over it. The university I attended back in the late 80's also had to change their policy of using the SSN as your student ID for the same reason. Many places do it because it is easy, and that is what is getting us into so much trouble with identy theft.


By roostitup on 2/8/2009 3:38:45 PM , Rating: 2
True, but at the same time you are still giving away private information that can lead to gaining more private information that originally didn't need to be given out. The college I went to also required you to use your SSN as your student ID, but they changed the rule in my Junior year (2006) and I got a new number. This doesn't fix the issue that my SSN is still out there because of all these mistakes over time.


RE: Can our data be completely secure?
By Lerianis on 2/9/2009 7:18:57 AM , Rating: 2
Actually, most people do know that who have parents that are smart. That was one of the first things my parents told me when they gave me my SS card when I was 12: never give out the numbers on them to ANYONE except known legitimate schools, employers and the government itself for tax purposes.

Really, there is no reason why a SS number should be used for ANYTHING but SS.... the rest of those things that we use: driver's licenses, etc. can have a randomly generated number on them.


By theapparition on 2/9/2009 12:29:57 PM , Rating: 2
I guess gone are the days when in college our grades were posted on the outside of the classroom, organized by SSN, since that was also your school ID#.

Guess they don't do that anymore.


By zergworld on 2/10/2009 8:16:17 PM , Rating: 2
Personal does not equal Private. Personal information should no longer be used for automated identity verification. Identification by way of personal information is one thing. Authentication should be something private or inseparable from the owner. Authentication should be some kind of global password, digital key, etc. It would be nice for commerce sites, banks, government, etc, to fix this problem. Identity theft (theft of personal information) does not have to result in asset vulnerability, provided that usage of identify information is authenticated.


the janitor did it!
By albundy2 on 2/9/2009 3:07:22 AM , Rating: 2
i should know, we can smell our own.

i guarantee she was the janitor. being a janitor, i can safely say people SERIOUSLY underestimate our intelligence. we clean your offices, we see all those little postits with user name's and passwords. confidential files left in plain sight. account numbers, ect....

remind me again... how safe is your computer when i am left alone with it and the passwords your too lazy to remember?

not all of us dumb janitors are there because we fail at life, some of us are just paying the bills till something better comes along.

it's better than sittin on your ass collecting unemployment or welfare.




RE: the janitor did it!
By Lerianis on 2/9/2009 7:22:54 AM , Rating: 1
Unfortunately, I think you might be right. It is VERY possible that it was a janitor or other 'low pay' person who looked over another person's shoulder, got their password, then stole this data.
That has happened SO many times recently that it's not even funny anymore.

I do have to say one thing however: being a janitor is NOT better than being on welfare or unemployment... between the two, I would take unemployment any day of the week, having worked as a janitor for a short period when I was 16 during the summer.


RE: the janitor did it!
By rcc on 2/9/2009 2:24:29 PM , Rating: 2
There speaks a welfare mentality.

Any work is better than none, unless of course you are independently wealthy. That doesn't mean you don't keep trying harder to find a better job. But you do what you have to to keep it all together.

IMNSHO, of course.


RE: the janitor did it!
By albundy2 on 2/10/2009 7:19:52 AM , Rating: 2
dont like restrooms eh?


This is becoming too common
By JediJeb on 2/8/2009 3:14:50 PM , Rating: 2
We have had government employes walk out with laptops containing thousands of peoples information that gets stolen, banks and other businesses just like this one having peoples data comprimised, and it seems nothing happens to the ones who should be protecting the data. No encryption and simple passwords are usually to blame, and systems that are completely open don't help either. If McDonalds can be held liable for not telling someone that coffee is hot, why isn't someone in just as much trouble over letting things like this happen? I have never been one for bigger government and more regulations, but the seems to be a need for some kind of penalty for allowing this to happen.

I know it would be a major pain for I.T. but shouldn't data like this be split into at least two data bases where one contains names and id numbers and the other id numbers and the information, with possibly some sort of key needed to link the two, so that even if the two databases are stolen, without the key the data won't be comprimised?

I am pretty much a tech freak nerd, but every time I read stories like this it makes me want to only use cash for my purchases and never give out my real name even to the doctors lol.




RE: This is becoming too common
By cheetah2k on 2/8/2009 8:57:23 PM , Rating: 2
My initial thoughts into this article was "who the f.... is Kaiser Permanente"?

Any chance there could be a summary at the bottom of the article giving a brief on Kaiser, so that n00bs like me dont have to google to get the idea?

Kaiser is a health care provider. See Wiki http://en.wikipedia.org/wiki/Kaiser_Permanente


RE: This is becoming too common
By cheetah2k on 2/8/2009 9:00:49 PM , Rating: 2
Actually my initial thoughts were "Kaiser? Do you mean someone stole a HTC Kaiser? And how the f... did they get the medical info of 30,000 employees on a HTC Kaiser??"

<sarcasim>


Not as good as Keyser Soze
By homebredcorgi on 2/9/2009 1:56:58 AM , Rating: 2
What scares me even more are the companies that DON'T say anything when they have a data breach. Assuming this wasn't some elaborate inside job, let's hope the IT guys got canned. Pretty sad that we have to entrust so much vital information with so many private institutions...can't say I can think of a reasonable alternative though. Barcode on the forehead or chip in the ass?




Re: The Janitor did it
By security buff on 2/10/2009 8:23:08 PM , Rating: 2
Cleaning services blame building Security, building Security blames cleaning services. These jobs can be taken by hackers for the sole purpose of information recognizance. Most places hire outside contractors to clean and secure buildings. Contactors background checks are never as complete as employees. Should not be surprised by the frequency and magnitude of breaches.




"This week I got an iPhone. This weekend I got four chargers so I can keep it charged everywhere I go and a land line so I can actually make phone calls." -- Facebook CEO Mark Zuckerberg









botimage
Copyright 2012 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki