Dec 13, 2025

Oopsie

From CBS News:

Highly sensitive information, including Social Security numbers and bank account information, was mailed out to the wrong recipients in the Delaware Valley. The mix-up created confusion and concern that the mistake could have led to identity theft.

The Maggitti family from Broomall said they got paperwork back after filling out an online application for Social Security benefits for 18-year-old Anthony Maggitti Jr., but there was one glaring problem.

"I started reading it and realized this didn't make sense. This doesn't seem to be his information," Colleen Maggitti said. "So I saw that on the top it was supposed to go to a person named Holly, who does live in this area, but that was all of her information." …

CBS News Philadelphia contacted the Social Security Administration, which said in a statement, "Important to note that this mistake was an isolated incident and the result of human error. The incident is being investigated."

While the administration wouldn't say how many people were affected, they said it was a limited number and corrective actions were being taken. …

By the way, I wouldn’t post this if it only involved a couple of people but it sounds like there’s more involved. Isolated but not that isolated.

Also, by the way, many years ago I discovered a much larger privacy problem at Social Security. When Social Security introduced an electronic data system that most Social Security attorneys call ERE, it prepared a demo that it handed out on a CD showing how the system worked. They used real claimants’ records but tried to redact them. Unfortunately, they did a poor job of redaction. PII was openly visible in several places. I happened to be one of the first people to receive the CD. I imagine at least a few dozen other people received the CD at about the same time. I was the one who noticed the problem and notified the agency. My understanding was that they were abashed. I know they tried to get all the CDs back.

16 comments:

Anonymous said...

SSA does have controls in place to flag any accidental PII loss that happens electronically. Most of these cases, while they are taken seriously, are relatively benign (Example: someone emails a document to SSA and includes their own PII which then accidentally gets sent back to them in the email response or an auto-reply, etc) but each incident does trigger a review, and any deliberate releases or repeated mistakes can come with major consequences.

Anonymous said...

That would be a lot of fun being this employee's supervisor. Cancel your life for a couple of weeks for all the fact sheets and PII reports.

Anonymous said...

Slow news day? The agency blunders and Charles broadcasts it for the world to see so “lazy” agency employees can hang their heads in shame.

Anonymous said...

I get this report about 3 times a year working at the N8NN. We take the details about what information was sent, who it was sent to and what FO it came from. The report is immediately given to a supervisor for follow up and alerts to the component. The majority of these PII loss reports involve application summaries after filing. Human error does happen but it will only increase if reduced staffing coupled with increased workloads continues.

Anonymous said...

Charles has never made a mistake in his life and we should follow his lead. SSA employees are doing the best they can under tough circumstances. It’s easy to criticize from the sidelines.

Anonymous said...

This is more serious than you think, apparently. Pretty sure giving out wrong personal information is quite illegal, as well as dangerous. Identity theft is REAL. Nobody was "lazy", whatever the issue was NEEDS to be addressed in a proper fashion to fix it in the future.

Anonymous said...

Something of this nature and magnitude SHOULD be criticized!!! Yes, SSA employees are stressed, they are short staffed, but certain things like this are serious. My sister was fired for accidentally sending double tax forms to employees in her state. She worked for the state, and she was fired. She basically didn't realize she had to separate the pages via the perforated line. That's all it takes when dealing with Social Security numbers and Tax ID numbers be released to the wrong people. It is a blunder that needs to be addressed, regardless of cause.

Anonymous said...

This magnitude? The Delaware Valley on a few recipients? May I suggest yoga. 🧘

Anonymous said...

Another example of a double standard with federal agencies while corporations get a pass.

It seems like there's a major new data breach occurring every few weeks now. Personal emails, phone numbers, and addresses are among the most common data affected by these breaches. But it's much more concerning when bank account numbers or credit card information get into the wrong hands.

Nearly 1.7 million credit card accounts – including the cardholder's name and address, as well as the card's expiration date – were exposed during a 10-month-long data breach at Slim CD.

Anonymous said...

Application summaries sent after the claimant files online (maybe a third-party DIB claim). They move and don't notify SSA. SSA finally works on the application months later and sends all notices (requests, awards/denials, etc) to the old address. Oh no, my information was stolen.

Anonymous said...

When you have 10 employees sharing one printer this can happen easily especially when you're short staffed and backlogged. It's something that management does take very seriously and reminds staff all the time to go through every page before you mail it out.

Anonymous said...

That’s a great example of what I’d call self-created PII loss and not the agency’s fault. The N8NN guy is right about how it’s already handled by the agency when they know it’s the agency’s fault.

Btw what’s with the new legislation talking about having some kind of contact at SSA for identity theft in general? How the heck does Congress not know SSA is not the credit bureaus and can’t monitor that stuff and shouldn’t.

Anonymous said...

There was no magnitude cited, only alluded to, by an author who wants to make his story sound like an expose. It’s not systemic and it’s treated as importantly as it should be. I think Charles shared the link in good faith.

Anonymous said...

Management had a printer survey recently. It seems as though the agency is looking for more solutions to reduce printers in FOs. It is a chronic problem with employees sharing printers. We still generate a good amount of paper, but staff don't want to get up after every print release. Couple that with employees strapped for time, and these things are going to happen. Now, yes, fact is some employees suck a lot more than others. I'd personally opt for more printers rather than less.

Anonymous said...

Petco has this beat. In filings submitted to the Texas attorney general — echoed in notifications to officials in California, Massachusetts, and Montana — Petco disclosed that exposed data included customers’ names, Social Security numbers, driver’s license numbers, dates of birth, and financial information such as account and card numbers.

Anonymous said...

Why is Petco requesting Social Security numbers?


When the news broke that Petco suffered a data breach that could have exposed the personal data of millions of customers, the conversation here at PCMag was, “Why does Petco store social security numbers?” There are probably legitimate reasons, but it was still both surprising and a good example of exactly how much private information every company has on its customers.

Petco says it’s informing affected customers, and didn’t mention how many customers were affected in its announcement about the hack, but if you’re a Petco shopper or have adopted a companion from a Petco store, keep an eye on your inbox in case your social security number, name, email address, date of birth, driver's license, bank account numbers, or credit or debit card info (all of which were lost in the breach) were compromised. The company is advising customers to watch out for the usual scam attempts that come from data breaches, like phishing attacks or scam messages.