California Department of Social Services is notifying over 700,000 In-Home Supportive Services providers and recipients that their data may have been lost. An FAQ on the department’s web site explains that CDSS became aware of the breach on May 9. The information was in a package that was damaged in transit between a Hewlett Packard processing center and the State Compensation Insurance Fund.
The information included IHSS providers’ names and Social Security numbers as well as their case numbers and provider’s numbers. For recipients, the data included employer identification numbers.
The package, which was mailed on April 26 via U.S.P.S., arrived on May 1, but was not intact.
According to Chris Megerian of the Los Angeles Times:
The possibly compromised information, dating from October to December 2011, for 375,000 workers included names, Social Security numbers and wages. For 326,000 recipients, state identification numbers may have been compromised.]
Not addressed on the state’s web site were answers to these two questions:
1. Why was Hewlett Packard using U.S.P.S. to ship payroll data, and
2. What format were these documents in? It sounds like these may have been paper documents in the package. If so, Why not electronic and secure transmission?
Update: It was microfiche.