California Agency to Snail-Mail Warnings to 1.4M Potential Identity Theft Victims

The analog approach follows the failure of a Web site and a hotline to reach all but a handful of the potential victims of an August hack into a UC Berkeley computer.

Californias Health and Human Services Agency will spend $691,000 to notify some 1.4 million people that their personal information may have been stolen in an August attack on a computer belonging to the University of California-Berkeley.

Shirley Washington, a spokeswoman for the agency, said the mailing effort—set to begin this week—was necessitated by the ineffectiveness of a hotline and a Web site the agency had initially set up to notify those who are potentially at risk of identity theft.

According to Washington, the hotline received about 9,000 calls, and about 1,000 users accessed the site. "The use of phone calls and the Web werent substantial enough for our satisfaction," she said.

In September, officials at the university said that hackers had taken advantage of a known vulnerability on an unpatched computer to potentially gain access to the 1.4 million names, Social Security numbers, telephone numbers, addresses and dates of birth.

The personal data was that of recipients and providers for the states In Home Supportive Services program, which provides in-home care for elderly people. The data was being used by a researcher who was studying the impact of wages and benefits paid for by providers and how it impacts the relationship between providers and recipients of in-home care, according to Carlos Ramos, assistant secretary at the California Health and Human Services Agency.

Washington said that as of this time, it has not been determined whether the personal data was accessed or used or whether any of the people on the list of those whose data was potentially breached actually suffered from identity theft.


For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

At the time that the hack was initially reported, the California Office of Privacy Protection recommended that those who suspect their personal data may be at risk should contact one of the three major reporting agencies to receive free copies of credit reports. Contact information for reporting agencies and advice on how to place a fraud alert on credit accounts are located at the California Department of Social Services Web site.


Check out eWEEK.coms for the latest database news, reviews and analysis.