Publication Date: Wednesday, September 21, 2005
Health info stolen from nonprofit
Health info stolen from nonprofit
(September 21, 2005) Palo Alto Children's Health Council has hard drive swiped with personal data stores on it
by Bill D'Agostino and Don Kazak
Identity theft became more than just a buzzword for thousands after sensitive personal information was stolen from a room inside the Children Health Council's headquarters in Palo Alto earlier this month.
The information mostly relates to current and former clients of the nonprofit agency. Children are rarely victims of identity theft but are an increasingly attractive target for the crime, according to one expert.
"Usually it's perpetrated by a parent or a relative," said Beth Givens, director of the Privacy Rights Clearinghouse. Children are attractive targets because they are "a clean slate," with no negative reports on their limited credit history, Givens noted.
"It really is disgusting," she said.
The information stolen from the local nonprofit was on a backup hard drive that contained data on 5,000 or so clients as well as payroll information for 600 to 700 current and former employees. Information on the disk included credit card data, Social Security numbers and birth dates -- everything an identity thief would need. The drive also contained health care information on the agency's clients.
"It's relatively easy to get credit in this country," Givens said. As a result, it's also easy for a person to go to Circuit City, get a credit card on the spot using the false data and immediately buy expensive computer equipment. Alternatively, a person can use someone else's data to get approval to rent a home, she noted.
Givens criticized the agency for letting more than a dozen employees have access to the locked room where the hard drive was located.
"Theoretically, one or two people should have access," she said.
The theft of the computer drive was discovered on Sept. 7, according to Stephen Joffe, the nonprofit's executive director. There was no evidence of a break-in or that any of the data has been used, he added.
The information might have been stolen by a disgruntled employee or someone seeking to "dig up dirt" on the agency, Givens speculated.
"It's not like this object was a laptop which has value over and above the data on it," she noted.
The council sent a letter late last week warning the potential victims and instructing them to contact their credit bureaus. Potential victims can place 90-day "fraud alerts" on their credit reports to receive notification if anyone tries to open a new account.
The inability of the potential victims to place fraud alerts for longer than three months is a shortcoming of the recently approved Fair Credit Reporting Act, Givens said.
"They are vulnerable from here on in," she said. "A 90-day fraud alert just isn't going to do it."
Privacy advocates, she said, are calling for victims of similar security breeches to place seven-year alerts on their credit histories.
Palo Alto police had no leads on Monday, but were planning to interview all the employees with access to the drive, according to police Agent Dan Ryan. The department takes dozens of complaints about suspected identity theft every week, he noted.
"We're inundated with them," Ryan said. "It's a growing trend unfortunately."
Staff Writer Bill D'Agostino can be e-mailed at bdagostino@paweekly.com.
E-mail a friend a link to this story. | 
