Tapes Containing Information On 800K Lost From California Child Support Agency

Backup cartridges containing records on 800,000 individuals belonging to the California Department of Child Support Services (DCCS) were lost in transit between an IBM facility in Colorado and DCCS’s headquarters in California On March 12, according to a statement from DCCS. (PDF)

Backup cartridges containing records on 800,000 individuals belonging to the California Department of Child Support Services (DCCS) were lost in transit between an IBM facility in Colorado and DCCS’s headquarters in California On March 12according to a statement from DCCS. (PDF)

The records in question relate to child support cases managed by the agency and include the names, addresses, Social Security Numbers, driver’s license or state identification numbers of state residents, as well as the individuals employer information, the names of healthcare providers and health insurance plan membership identification numbers, according to the DCCS statement.

The tapes were not encrypted and were being handled by storage firm Iron Mountain on behalf of IBM and were not encrypted, according to Connie DaMant, the assistant director for legislative and external affairs at DCCS. 

DCCS was notified by the California Office of Technology Services on March 12 that the tapes were missing. Damant said that Iron Mountain is trying to locate the tapes in its other facilities. 

“The search continues,” she said. “They’re searching all their facilities to try to locate these backup devices.”

DCCS is a state agency that enforces child support agreements and collects child support from non custodial parents to send to custodial parents to care for their children. 

DCCS said that it had no reason to believe the data on the tapes had been accessed or used in any way.

Lost backup tapes are a frequent cause of data loss incidents in both the public and private sectors. In September, 2011, Military health service providers, TRICARE and Science Applications International Corporation (SAIC) reported a data breach of involving the personal information of an estimated 4.9 million military clinic and hospital patients after backup tapes went missing.  Earlier this month, BlueCross BlueShield of Tennessee was ordered to pay a $1.5 million fine to the Department of Health and Human Services for violating the data privacy provisions of the Federal Health Insurance Portability and Accountability Act (HIPAA) after unencrypted backup tapes containing patient data went missing.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.