Your identity, lost and found

“We’re being warned on television about people going through your identity documents and so forth,” Bevan Bullock, a British pensioner, told the BBC. “The government are now giving them out willy-nilly.”

Not only that, they’re losing and having stolen your information too. And thanks to the miracle of modern technology, they’re doing it faster than ever.

Last week, the UK Department of Work and Pensions mistakenly sent 26,000 pensioners’ bank account numbers and national insurance details to the wrong addresses. Worse, officials don’t even know why it happened. The “sheer inefficiency” of the government is “appalling,” pensioner Margaret Rothwell said. I couldn’t agree more. That’s why government has no business in areas critical to life such as health care, welfare and retirement.

Closer to home, last week 750 students of Central Connecticut State University received Internal Revenue Service 1098T tuition statement forms from the university, with their Social Security numbers clearly showing through the envelope window. A machine was folding the forms incorrectly, and officials there were able to catch the problem before it affected everyone at the school.

On January 29, East Carolina University posted the personal information, including birth dates and Social Security numbers, for 65,000 students, faculty members and staff online for all to see. Officials couldn’t determine how many people looked at the files, but said that only 21 credit card numbers were compromised. Sure. I believe that. Ironically, the university was trying to remove some personal information from the site and screwed something up, leading to the breach.

And in Washington, D.C., officials there just gave the Social Security numbers of 2,000 D.C. police officers to two people who had asked the city for information about police overtime. The people who received them, two Advisory Neighborhood Commission officials, have erased the information, according to the D.C. Chief Financial Officer. But officers can still get a free year of credit monitoring, just in case.

In Indiana, a hacker broke into the state’s Web site, www.in.gov, and obtained 5,600 credit card numbers of people who did business with the state online and which the state failed to protect properly. The loss of the credit card numbers went unnoticed for nearly a month, despite the site implementing “the highest levels of security.” Yeah, right. “I will say on the record that the buck stops with me, and I am deeply apologetic,” Chris Cotterill, the site’s director, said.

A computer virus is being blamed for a security breach at Radford University in Virginia, which potentially lost the identities of 2,400 children whose parents had enrolled them in the state’s Medicaid program and a local assistance program. A university spokesman said that the personal information had been compromised but refused to answer questions about who they were, why they had the information, or what measures were being taken to protect children’s identities in the future.

Update: Radford spokesman Rob Tucker wrote in and provided the following statement:

No evidence exists that information was compromised and no one from the university said that information had been compromised. And we are answering all questions from individuals about “who they were, why they had the information, or what measures were being taken to protect children’s identities in the future,” contrary to your erroneous report.

The reporting from WSLS-TV cited in this article stated, in relevant part:

Radford spokesman Rob Tucker said a virus put the information at risk. He said most of the 2400 identities were not RU students but declined to tell who they were or why their information was on an RU computer.

It would seem that the university is answering questions from affected families, but perhaps not from the press.

And to update an earlier story on the Veterans Administration losing a portable hard drive in Birmingham, Ala., containing records for 48,000 veterans, Secretary of Veterans Affairs Jim Nicholson announced Sunday that the drive may have contained a lot more information than that: 535,000 individuals and 1.3 million non-VA physicians, both living and dead, could have been on the drive. The VA uses the non-physician data to determine how well its own physicians provide care in comparison.

Finally, for those of you who think the best defense against identity theft is really bad credit, think again. The applications for 262 people who applied to rent from a Rent-A-Center store in Midvale, Utah, were found in a box in the garbage behind the building. Rent-A-Center denies having thrown them out, and says that perhaps burglars took the files outside while they were cleaning out the store. But the local police said they had no report of a burglary from the store.

Fortunately, in most places, Rent-A-Center has competition who will be quick to seize upon this and start touting their procedures for keeping customers’ personal information safe. When dealing with the government, there is no competition, and so you are not safe and cannot protect yourself.

(Hat tip: For more privacy news than you could possibly read in one day, visit Pogo Was Right.)