On March 29th, 2012, according to the California Department of Child Support Services, the records of more than 800,000 individuals may have been lost by their service providers IBM and, ironically by way of their blog post, Iron Mountain. The statement by DCSS indicates that storage devices used for data backups cannot be found, and there ultimate whereabouts are unknown. The data fields included on the lost devices include a great deal of critical information including: Names, addresses, Social Security Numbers, drivers license numbers, names of health insurance providers, and employment information.
The data loss event should be specially noted because of the strict data protection and breach notification requirements in the State of California such as Cal. Civ. Code §§ 56.06, 1785.11.2, 1798.29, 1798.82.
This loss of backup devices underscores the critical importance of encrypting backup devices including tapes and hard drives.
To view the Breach notification letter that was sent out, please visit: http://oag.ca.gov/ecrime/databreach/reports/sb24-22855
For assistance in choosing and implementing encryption technology, please contact RISC Management http://www.RISCsecurity.com 630.264.1472
2 thoughts on “CALIFORNIA DEPARTMENT OF CHILD SUPPORT SERVICES DATA BREACH”
any follow up on this?
State of CA says the data was encrypted (per phone call today), but other sources on the web dispute that.
Good day David. I have not been able to locate conclusive information on the state of encryption of the data tapes. If there is a definitive statement you have come across, please let us all know. The official notice at DCSS’ website has not been updated ( http://www.childsup.ca.gov/portals/0/home/docs/MissingStorageDeviceFAQsforChildsup.pdf )Thank you! Chris