From CBS News:
Highly sensitive information, including Social Security numbers and bank account information, was mailed out to the wrong recipients in the Delaware Valley. The mix-up created confusion and concern that the mistake could have led to identity theft.
The Maggitti family from Broomall said they got paperwork back after filling out an online application for Social Security benefits for 18-year-old Anthony Maggitti Jr., but there was one glaring problem.
"I started reading it and realized this didn't make sense. This doesn't seem to be his information," Colleen Maggitti said. "So I saw that on the top it was supposed to go to a person named Holly, who does live in this area, but that was all of her information." …
CBS News Philadelphia contacted the Social Security Administration, which said in a statement, "Important to note that this mistake was an isolated incident and the result of human error. The incident is being investigated."
While the administration wouldn't say how many people were affected, they said it was a limited number and corrective actions were being taken. …
By the way, I wouldn’t post this if it only involved a couple of people but it sounds like there’s more involved. Isolated but not that isolated.
Also, by the way, many years ago I discovered a much larger privacy problem at Social Security. When Social Security introduced an electronic data system that most Social Security attorneys call ERE it prepared a demo that it handed out on a CD showing how the system worked. They used real claimants’ records but tried to redact them. Unfortunately, they did a poor job of redaction. PII was openly visible in several places. I happened to be one of the first people to receive the CD. I imagine at least a few dozen other people received the CD at about the same time. I was the one who noticed the problem and notified the agency. My understanding was that they were abashed. I know they tried to get all the CDs back.
11 comments:
SSA does have controls in place to flag any accidental PII loss that happens electronically. Most of these cases, while they are taken seriously, are relatively benign (Example: someone emails a document to SSA and includes their own PII which then accidentally gets sent back to them in the email response or an auto-reply, etc) but each incident does trigger a review, and any deliberate releases or repeated mistakes can come with major consequences.
That would be a lot of fun being this employee's supervisor. Cancel your life for a couple of weeks for all the fact sheets and PII reports.
Slow news day? The agency blunders and Charles broadcasts it for the world to see so “lazy” agency employees can hang their heads in shame.
I get this report about 3 times a year working at the N8NN. We take the details about what information was sent, who it was sent to and what Fo it came from. The report is immediately given to a supervisor for follow up and alerts to the component. The majority of these PII loss reports involve application summaries after filing. Human error does happen but it will only increase if reduced staffing coupled with increased workloads continues.
Charles has never made a mistake in his life and we should follow his lead. SSA employees are doing the best they can under tough circumstances. It’s easy to criticize from the sidelines.
This is more serious than you think, apparently. Pretty sure giving out wrong personal information is quite illegal, as well as dangerous. Identity theft is REAL. Nobody was "lazy", whatever the issue was NEEDS to be addressed in a proper fashion to fix it in the future.
Something of this nature and magnitude SHOULD be criticized!!! Yes, SSA employees are stressed, they are short staffed, but certain things like this are serious. My sister was fired for accidentally sending double tax forms to employees in her state. She worked for the state, and she was fired. She basically didn't realize she had to separate the pages via the perforated line. That's all it takes when dealing with Social Security numbers and Tax ID numbers be released to the wrong people. It is a blunder that needs to be addressed, regardless of cause.
This magnitude? The Delaware Valley on a few recipients? May I suggest yoga. 🧘
Another example of a double standard with federal agencies while corporations get a pass.
It seems like there's a major new data breach occurring every few weeks now. Personal emails, phone numbers, and addresses are among the most common data affected by these breaches. But it's much more concerning when bank account numbers or credit card information getting into the wrong hands.
Nearly 1.7 million credit card accounts – including the cardholder's name and address, as well as the card's expiration date – were exposed during a 10 month-long data breach at Slim CD.
Application summaries sent after the claimant files online (maybe a third-party DIB claim). They move and don't notify SSA. SSA finally works on the application months later and sends all notices (requests, awards/denials, etc) to the old address. Oh no, my information was stolen.
When you have 10 employees sharing one printer this can happen easily especially when you're short staffed and backlogged. It's something that management does take very seriously and reminds staff all the time to go through every page before you mail it out.
Post a Comment