Citizens in the state of Connecticut had reason for alarm recently when news broke of a security breach of the state’s Affordable Care Act agency. While not the same as the federal HealthCare.gov website that has been at the center of so much technological criticism and concern, the state’s agency—known as Access Health CT—allowed people to sign up through the state office for health care coverage.
But the Hartford-based Access Health CT office received a call from local law enforcement officials about a potential data breach when a backpack filled with handwritten note pads was found across the street from the agency’s offices. The notepads contained the names, Social Security numbers, and other personal information of more than four hundred applicants.
This recent security breach isn’t a political issue or a show of support or condemnation for the ACA, but hopefully reminds the public of an even bigger threat to their personally identifiable information. Whether we like it or not, opportunistic criminals are everywhere and can be found in just about any industry. The combination of low wages and high debt can lead people to take advantage of an opportunity that sits right in front of them on their computer screens, eight hours a day.
There seems to be no workplace that is completely immune from the danger of an employee stealing its customers’ identities. The hotel and restaurant industries are actually the single largest source of “inside job” identity thefts, but many other workplace environments lend themselves to this kind of crime. Medical offices are notorious for incidences in which billing office staff or medical transcriptionists—two positions that are often outsourced to third party companies or individuals—gather personal information and sell it to identity thieves. Public schools have also been the subject of multiple investigations, and reports have surfaced that staff members had stolen and sold the Social Security numbers of as many as four hundred students in one Florida elementary school alone. Even police officers have been arrested for using the state’s driver’s license database to steal citizens’ identities.
But if this kind of crime happens without the victim’s knowledge, what are you supposed to do to protect yourself?
First, make sure that any agency or office that you give your personal information to actually has a right to it and a need for it. Doctors’ offices, schools, and private businesses are not entitled to your Social Security number, but many of them ask for it as a means of identification or in order to turn you over to collections if you fail to pay. Remember, that number is not to be used for either of those purposes, and businesses, schools, even your child’s day camp do not have the right to ask for it.
But some agencies or institutions will need it, such as a bank or the DMV. Be sure you know who is receiving that application and what will happen to it once it leaves your hands. Sometimes, just indicating to the person that you want to know how they plan to protect your information is enough to keep them from letting it be used against you.
Most important of all is to check your information periodically for any suspicious activity. Check your bank and credit card statements for charges you’re not aware of, check your health Explanation of Benefits and confirm that those payments were for actual medical visits for you or your family.. Request your credit report annually and review it closely for unauthorized debts or accounts you didn’t open. When your Social Security report comes each year, look at it carefully for any sources of income that don’t belong to you and that could indicate someone is using your number.
These steps can help you put a stop to criminal activity associated with your identity in a timely way, and hopefully before too much damage is done.
This blog is a part of the ITRC’s ongoing commitment to spreading knowledge and awareness of data breach issues. This work would not be possible without the generous support of IDT911 and their commitment to keeping the public informed regarding this issue. The ITRC Data Breach Report is available weekly and all information is free to the public.