Computer breach leaves county personnel vulnerable

July 30, 2005

By Gig Conaughton

http://www.nctimes.com/articles/2005/07/30/news/top_stories/20_50_337_29_05.txt



SAN DIEGO ---- A computer breach may have exposed more than 32,000 current and former San Diego County employees to financial danger and may have revealed the closely guarded home addresses of some 5,000 law enforcement personnel, officials said Friday.

Two computers containing names, Social Security numbers, dates of birth and addresses of current and retired San Diego County employees and their assigned departments were apparently hacked last week, San Diego County Employees Retirement Association leaders said.

Officials said they are still investigating to see if the information, which was exposed for a period of time, was copied or downloaded.

Brian White, executive director of the association, the independent agency that manages the county's $6.3 billion pension fund, said Friday that the association was busily mailing warnings to its members about the breach.

White said that a routine maintenance inspection of two new servers ---- computers that provide data and information to other computers ---- showed that some unknown, outside agent hacked in on July 21.

White said the computers had been fixed and are once again secure.

He added Friday that association officials did not realize until late Wednesday afternoon that the computers contained some personal information about its members, including Social Security numbers that can be used to steal identities and open credit accounts, and addresses.

However, a number of officials on Friday said they were even more troubled by the fact the information ---- if it was downloaded ---- contained the home addresses of all current and retired members of the San Diego County Sheriff's Department and district attorney's office.

The information did not specify the employees' positions. Law enforcement officers typically guard their addresses closely for fear of retribution or being targeted.

"We're concerned about that," Jim Duffy, president of the county Deputy Sheriff's Association, said. "The home addresses of thousands of law enforcement officers has value to people who don't like what we do."

Sheriff's Sgt. Dave Myers, who is also chairman of the retirement association's board of directors, said police and officers of the court "go to great lengths" to try to keep personal information about where they live "secure," especially in the age of the Internet.

Deputy District Attorney Keith Burt, director of the multiagency "Computer And Technology Hi-Tech Response Team," said the unit is investigating, but could provide no new details about who hacked into the system or what they may have seen.

White, Myers and Duffy said they hoped the investigation would show that the information, while exposed, had not been copied or otherwise compromised.

"We're hoping for the best," Duffy said.

Myers and White, meanwhile, said the retirement association was doing everything it could to cooperate with law enforcement and get the word out to the pension members about what actions they could take to protect themselves.

The letter sent to pension members included telephone numbers for members to call to get information to protect themselves from identity theft ---- what many law enforcement officials say is the fastest-growing crime in the nation.

White said the association's main computers were not hacked into, and that no information about retirees' pension benefits, payments or other personal financial information was compromised.

But Burt and officials from the Identity Theft Resource Center in San Diego said that having access to a person's Social Security number was "the keys to the kingdom" and could potentially allow criminals to get credit cards or take out loans under victims' names and bankrupt them.

"You're naked," Jay Foley, co-founder of the resource center said. "That's not a good thing."

Foley said anyone who suspects they could be the victim of identity theft should take some immediate steps:

Request free credit reports from each of the three major credit reporting companies, Equifax, Experian, and TransUnion.

Ask the companies to place a "fraud alert" on your credit report and to indicate on your reports, "My identification has been used to apply for credit fraudulently. Contact me at (telephone number) to verify all applications."

Ask that the companies give you a "credit freeze." A credit freeze stops lenders and others from reviewing a person's credit history without first contacting them. Because few lenders will issue credit without first seeing a credit report, identity thieves would be unable to open fraudulent accounts.

Identity theft has shown up increasingly in the news in recent years. In February, the personal records of 145,000 Americans were exposed when hackers broke into computers run by ChoicePoint, a Georgia-based information database company.

The nonprofit Privacy Rights Clearinghouse reports that since the ChoicePoint incident just six months ago, 61 other separate computer breaches in banks, colleges, schools and companies have exposed more than 50 million Americans to the threat of identity theft.

County pension beneficiaries who would like more information about the breach can call the association at (619) 515-0130, or (888) 473-2372.

