The American Red Cross (Red Cross) recently experienced a breach of information security at the Missouri-Illinois Blood Services Region. This breach does not affect health history information, but "identifying information", including donor names, dates of birth and Social Security Numbers (SSNs), which is contained in the affected database. The incident did not involve hacking from outside the Red Cross. Rather, a Red Cross employee stole donor information. A federal grand jury has indicted the former employee, who used donor identifying information to obtain credit cards and other accounts. The former employee, who passed all background checks prior to employment, is currently awaiting trial.
The Red Cross initially provided written notification of the security breach to potentially affected donors on March 17, 2006. Red Cross has learned from federal authorities, however, that other donors have been affected by the security breach. While the former employee had limited access to donor identifying information, Red Cross cannot determine whose records that individual may have accessed. For that reason, Red Cross is providing this notice to all blood donors who have donated in the Missouri-Illinois Blood Services Region as a precaution.
The Red Cross and law enforcement officials strongly encourage Red Cross Missouri-Illinois blood donors to contact one of the three major credit bureaus as soon as possible to request a free copy of their credit reports. This will enable blood donors to determine whether their identifying information has been compromised. The toll-free numbers and websites for those companies are: Equifax: 800-685-1111; www.equifax.com; Experian: 888-EXPERIAN (888-397-3742); www.experian.com; TransUnion: 800-916-8800; www.transunion.com.
Any blood donor who discovers unauthorized activity (including credit inquiries) should contact the United States Postal Inspection Service at 1-866-908-7747 by June 30, 2006. PLEASE CHECK YOUR CREDIT REPORT FIRST, AND ONLY CALL THE UNITED STATES POSTAL INSPECTION SERVICE IF YOU DISCOVER UNAUTHORIZED ACTIVITY. In addition, blood donors with additional questions may call the Red Cross at 1-800-728-4715, or contact Red Cross by email at ARCMissouriIllinoisDonorSupport@usa.redcross.org. This information will assist federal law enforcement in the investigation of any and all crimes committed as the result of this security breach.
Blood donors also may want to put a fraud alert on their credit reports. When placed on a credit record, a fraud alert can help prevent an identity thief from opening any new accounts in the donor's name. Blood donors should contact the toll-free fraud number of any one of the three consumer reporting companies listed above (Equifax, Experian or TransUnion) to place a fraud alert. That company is required to contact the other two companies, and they are also required to place an alert on their versions of the donor's credit report.
If a blood donor believes he or she has been the victim of identity theft, the donor can also submit a complaint to the Federal Trade Commission (FTC). The FTC serves as the federal clearinghouse for consumer complaints on identity theft. Information on filing a complaint with the FTC is available on the agency's website at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03. Blood donors can also contact the FTC by phone at 1-877-IDTHEFT (1-877-438-4338).
Should a Missouri-Illinois blood donor be required to pay for obtaining a current credit report, the Red Cross will fully compensate that donor for the cost of obtaining credit reports from the three credit bureaus. Those donors should send a brief letter, along with any supporting documentation of fees for such reports, to: Security Manager, Missouri-Illinois Blood Services Region, American Red Cross, 4050 Lindell Blvd., St. Louis, MO 63108.
Red Cross is taking the following steps to ensure that this type of security breach does not occur in the future:
* Staff in all departments have been reminded that donors are not required to furnish their SSNs, and have been reminded that misuse of personal identifying information is a crime, and is grounds for termination of employment. * Red Cross is making software changes to further restrict access to SSNs. * Red Cross is continuing to invest in state of the art technology to increase information security.
Red Cross deeply regrets any inconvenience that this security breach may cause its blood donors, and appreciates the continued support of Red Cross.
[an error occurred while processing this directive]