Private data is at risk of theft

July 27, 2006

By Troy Anderson

Security breaches at three Los Angeles County agencies in recent months might have put hundreds of consumers' personal information at risk, officials said Wednesday.

Laptop computers at an Adult Protective Services office in Burbank were stolen over the weekend, the laptop of a community and senior services employee was stolen two months ago and earlier this month a computer hacker in Germany broke into the Community Development Commission's computer system in Monterey Park, officials said.

While no incidences of identity theft have been reported in connection with the cases, county Sheriff's Department officials on Wednesday urged residents and agencies to take even greater care in protecting vital information, noting that identity theft is now the fastest-growing form of consumer fraud, with more than 1 million Californians victimized so far this year.

Lt. Ron Williams of the Southern California High-Tech Identity Theft Task Force said the number of ID-theft cases reported to the Sheriff's Department alone has jumped from 645 in 1999 to 6,132 last year.

In the latest security breach, 11 laptop computers were stolen from an Adult Protective Services office in Burbank over the weekend, said Pat Senette-Holt, spokeswoman for the Department of Community and Senior Services.

"The extent of what information was actually retrieved, we have no way of knowing," Senette-Holt said. "The laptops did contain information that was not for public consumption."

Senette-Holt said an investigation is under way to determine whether information on the laptops could be used to commit identity fraud and how to notify potential victims. County Chief Information Officer Jon Fullinwider said Riverside police have recovered two of the laptops.

The incident followed the theft two months ago of a laptop containing personal information on county employees from the home of a community and senior services employee.

And earlier this month a computer hacker in Germany gained access to a computer system at the Community Development Commission in Monterey Park that contained personal information on 4,800 public-housing residents throughout the county.

"CDC cannot ascertain conclusively that the records were read or copied, but the possibility cannot be ruled out," Fullinwider wrote in a memo to the Board of Supervisors.

Richard Peters, manager of information technology for the CDC, said he suspects that someone in Germany might have confused the agency acronym - CDC - with the federal Centers for Disease Control.

David Sommers, spokesman for county Supervisor Don Knabe, said there is heightened concern about the trend.

"The supervisor's concern here is there is no greater service than to protect the identities and security of the constituents served by the county," Sommers said. "Any time there is a breach of that security, we have a problem and it needs to be taken with the very highest level of concern."

Earlier this year, a welfare recipient found confidential documents next to a locked recycling bin at a Department of Public Social Services parking structure in Exposition Park.

"This is in clear violation of the DPSS policy regarding securing documents waiting to be destroyed," Knabe said. "Yet I understand that this was not the only instance where this happened. There is no excuse for this. Entire lives are documented in these files."

DPSS Special Assistant Shirley Christensen said all confidential documents that are slated for destruction are now immediately shredded.

"We have gone to a policy of 100 percent shredding," Christensen said. "Every office now has shredding bins."

And Fullinwider said that as a result of the security breaches, he hopes to have a policy ready by next month requiring all laptops and BlackBerrys to encrypt information.

"If the laptop is stolen or lost, even if it's encrypted, we'll still take the action of notifying people that sensitive information has been lost," he said.

But even as the county has taken steps in the past several years to put in place a countywide information-security program, Fullinwider wrote in a Feb. 28 report that the county has 70,000 devices connected to its network with multiple external-access points.

"Many systems for mail servers, stand-alone applications and PC-based systems are located in departmental facilities that are not well-protected," Fullinwider wrote.

To help prevent identity theft, sheriff's spokeswoman Kerri Webb said, people should shred, or tear into tiny pieces, all documents containing Social Security and driver's license numbers, bank and credit card information and utility bills.

"Don't just rip them up and put them in the same bag," Webb said. "The way people go about ripping off identities is by Dumpster-diving. Rip them up into a bazillion pieces and mix them in different bags."

main page ATTRITION feedback