Yet another company has been added to a growing list of absurd private data leaks after the Social Security numbers of over 600 insurance customers were printed on envelopes sent out by Blue Cross and Blue Shield of North Carolina.
Human error has been blamed for the mistake that ended in more than 600 Social Security numbers being printed on letters that were sent out by U.S. insurance firm Blue Cross and Blue Shield of North Carolina informing clients of new insurance services.
As a result, the private details of some of the company's most active customers were compromised. The firm had decided to thank their clients for using their insurance policy and sent them the letters with further details of new services. But an 11-figure code was printed next to the name and address on the mailing labels of all 629 letters that were sent out. Nine of the numbers in the code made up the addressees' Social Security numbers. A company representative said that the mistake was the result of a human error.
Since the leak Blue Cross and Blue Shield has completely revised its client identification system. Instead of a Social Security number, a new subscriber number is now being used to identify customers which is much harder to link to sensitive data on the internal information system.
The data leak was discovered on Jan. 30, 2006 and by Feb. 1 the company had already sent out notification letters, minus the Social Security numbers, to those affected. In the letter the company instructed their clients about the dangers of identity theft and to check for fraudulent activity with the major credit reporting bureaus.
The incident is very similar to a recent leak of private data at two newspapers, The Boston Globe and the Worcester Telegram & Gazette, which are both owned by The New York Times. In that incident confidential information of about 240,000 subscribers was inadvertently sent out with bundles of newspapers. The paper recycled for use as routing slips just happened to contain their names, credit card numbers and bank account information. In total, about 9,000 of the slips were sent out across the region.
Both of these incidents resemble another inadvertent leak from H&R Block. In that case, the company accidentally embedded Social Security numbers in a 47-digit tracking number on packages used to mail free copies of the company's TaxCut tax preparation software ahead of Christmas.
“All this would be rather funny if it wasn't so serious. The notorious human factor has led to leaks of private data from a variety of organizations — hospitals, the press, IT companies and so on. The problem of protecting sensitive information affects absolutely everyone, but the greatest danger of all is posed by the two unreliable faces of the insider. He is capable of selling information to competitors or criminals, or accidentally sending out recycled paper with thousands of credit card numbers and address labels with hundreds of Social Security numbers. Getting the better of the insider himself is impossible, but placing controls on confidential information limits his activity significantly — this is a basic necessity today. Otherwise, businesses will find themselves reaping the kind of bitter harvest that the record-breaking ChoicePoint has recently suffered — damages of around $55 million for a relatively small data breach," warns Denis Zenkin, marketing director at InfoWatch.
Source: ComputerWorld