The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.
How many victims? 9,000
What type of personal information? Names, addresses, some Social Security numbers, ethnicities, birth dates, information on next of kin and workers’ compensation documents.
What happened? IT staff at the California Department of Public Health (CDPH) detected unusual network activity on April 5. It initiated an investigation and discovered that an employee had removed the information without authorization. The employee was placed on administrative leave until the investigation is complete.
Details: The breach affects most current CDPH and California Department of Health Care Services (DHCS) employees, as well as nearly 3,000 employees of the former Department of Health Services (DHS).
There is currently no indication that the information has been misused or further disclosed.
Quote: “We regret that the personal information of our employees was compromised,” CDPH Director Ron Chapman said in a statement. “We take the breach of any secure documents very seriously and are committed to taking steps to minimize any impact of this action and further strengthen our security policy.”
What was the response? The department has begun implementing unspecified internal safeguards to protect employee information. In addition, the agency is conducting a review of its information security policies and has promised to put in place any additional safeguards necessary to ensure a similar incident does not recur.
Affected individuals are being offered credit monitoring services.
Source: California Department of Public Health, “Current and former state employees advised of breach of personal information,” June 26, 2011.