The Indiana Family and Social Services Administration (FSSA) recently began notifying 187,533 clients that their personal information may have been accidentally exposed to other clients (h/t HealthITSecurity).
According to the FSSA, the breach may have occurred when the RCR Technology Corporation made a programming error in a document management system on April 6, 2013, which resulted in some clients' documents being sent to other clients. The programming error remained in place until May 21, 2013.
The data potentially exposed includes name, address, case number, birthdate, gender, race, phone number, e-mail address, types of benefits received, monthly benefit amount, employer information, some financial information such as monthly income and expenses, bank balances and other assets, some medical information such as provider name, whether the client receives disability benefits and medical status or condition, and some information about the client's household members, such as name, gender and birthdate.
Of the 187,533 clients affected, 3,926 may also have had their Social Security numbers exposed.
"Clients entrust their information to us and we take the security of that information very seriously," FSSA secretary Debra Minott said in a statement. "We are ultimately responsible for the safekeeping of that information and regret that in this rare instance some information may have been accidently shared inappropriately. We do not believe this was a widespread disclosure of information and have only been made aware of a handful of instances where information was received by the wrong person. Still, we are taking the most complete and prudent approach to notifying all potentially impacted clients.”