Indiana officials say the personal information of at least 14 welfare clients has been shared with others because of a contractor's computer programming error in a security breach potentially affecting more than 187,000 people.
Indiana Family and Social Services Administration (FSSA) disclosed the potential breach Monday. It says the Social Security numbers of nearly 4,000 clients might have been shared with other clients.
Agency spokesman Jim Gavin says so far it has learned of 14 cases in which personal information was received by the wrong person. That information could include names, benefits, monthly income and medical information. Gavin says FSSA does not believe the error resulted in a "widespread disclosure of information."
FSSA says the error was made April 6 and affected correspondence mailed to clients until May 21.
The FSSA says it's in the process of notifying clients who are at risk.
According to the agency, RCR Technology Corporation (RCR), a contractor for FSSA, made a computer programming error in a document management system the company supports on behalf of FSSA. RCR says it's taking steps to prevent it from happening again.
"This error caused an undetermined number of documents being sent to clients to be duplicated and also inserted with documents sent to other clients. This means some of the clients may have received documents belonging to other clients along with their own documents," the FSSA said.
The mistake happened on April 6, 2013, and affected correspondence sent between April 6, 2013, and May 21, 2013. The error was discovered on May 10, 2013. RCR determined the root cause of the programming error and it was corrected on May 21, 2013.
The FSSA says it has sent written notices to the 187,533 potentially impacted FSSA clients informing them that some of their personal information may have been disclosed.
The type of information that may have been disclosed includes name, address, case number, date of birth, gender, race, telephone number, email address, types of benefits received, monthly benefit amount, employer information, some financial information such as monthly income and expenses, bank balances and other assets, and certain medical information such as provider name, whether the client receives disability benefits and medical status or condition, and certain information about the client's household members like name, gender and date of birth.
Of the 187,533 clients, 3,926 may have had their Social Security numbers disclosed. This is being noted in the specific letters being sent to this smaller group.
The FSSA says it doesn't know which clients had personal information revealed, so it's notifying all clients of the potential disclosure.
If you're among those clients who were notified, the FSSA says to place a fraud alert on your credit report. A fraud alert places a note on a credit report for 90 days requiring creditors to verify identity before granting credit. There is no charge for a 90-day alert.
Clients who may have had their Social Security information disclosed are also being advised that they could place a security freeze on their credit reports. This can block an identity thief from opening a new account or obtaining credit in the client's name. Any Indiana resident can request a security freeze at no charge by contacting all three credit agencies below, either online or by sending a letter:
Equifax Security Freeze; 1-888-766-0008
P.O. Box 105788
Atlanta, GA 30348
Experian Security Freeze; 1-888-397-3742
P.O. Box 9554
Allen, TX 75013
Trans Union Security Freeze; 1-800-680-7289
P.O. Box 6790
Fullerton, CA 92834-6790
Statement from Debra Minott, secretary of the FSSA:
"Clients entrust their information to us and we take the security of that information very seriously. We are ultimately responsible for the safekeeping of that information and regret that in this rare instance some information may have been accidentally shared inappropriately. We do not believe this was a widespread disclosure of information and have only been made aware of a handful of instances where information was received by the wrong person. Still, we are taking the most complete and prudent approach to notifying all potentially impacted clients."
Statement from Robert C. Reed, president of RCR Technology Corporation:
"We at RCR Technology Corporation apologize that our actions may have caused some FSSA client information to be disclosed in error. We will do everything possible to prevent such an incident from happening again in the future. We value our relationship with the State of Indiana and our service to our fellow Hoosiers who are clients of the Indiana Family and Social Services Administration."