California's In-Home Supportive Services (IHSS) program recently announced that personal data on more than 700,000 providers and recipients of in-home care may have been compromised.
"The breach occurred when Hewlett-Packard, which handles the payroll data for workers in California's In-Home Supportive Services program, was shipping information including Social Security numbers to an office in Riverside last month," writes The Los Angeles Times' Chris Megerian. "The package arrived damaged and incomplete. 'While we continue to investigate, at this time we can't confirm whether the information was damaged, lost or stolen,' said an internal government email obtained by The Times."
Notably, the data wasn't stored on a hard drive or USB stick, but on microfiche.
The LA Times quotes Steve Mehlman, communications director for the UDW Homecare Providers Union, as saying, "It's hard for us to believe that in one of the largest states in the union, we're using such an antiquated system."
The state has opened an internal investigation, and will notify everyone who may have been affected. "The involved data included 375,000 employee's names, wages and Social Security numbers dating from October to December 2011 and the state identification numbers of 326,000 home care recipients," writes SecurityNewsDaily's Matt Liebowitz.
"This is the most recent in a series of high-profile data breaches that have involved state-gathered information this year," notes Ars Technica's Megan Geuss. "In April, hackers stole the records belonging to 181,000 recipients of Utah state health benefits, and in March, IBM lost four cartridges containing the records of 800,000 adults and children covered under the Department of Child Support Services."