Lost Disc Puts 2.9 Million Georgia Residents At Risk For ID Theft

The disc, which had been in the possession of contractor ACS, held names, addresses, birth dates, and Medicaid numbers, in addition to Social Security numbers.

Paul McDougall, Editor At Large, InformationWeek

April 10, 2007

2 Min Read
InformationWeek logo in a gray background | InformationWeek

A computer disc containing Social Security numbers and other sensitive personal data on 2.9 million residents of Georgia has been lost, according to the state's Department of Community Health.

The CD, which had been in the possession of contractor Affiliated Computer Services, held names, addresses, birth dates, and Medicaid numbers, in addition to the Social Security numbers, for Georgia residents enrolled in the state's Medicaid and PeachCare for Kids programs, the DCH said in a statement released Monday.

The Georgia DCH said it has ordered ACS to provide all affected residents with written notification about the incident and assistance with credit monitoring in case the data has fallen into the hands of identity thieves.

State officials said they also have notified several agencies about the loss, including the U.S. Department of Health and Human Services Office of Civil Rights, the Georgia Governor's Office of Consumer Affairs, and Georgia's attorney general's office.

Security breaches have become a not uncommon event in both the public and private sectors, and even major retailers like Amazon and T.J. Maxx have been the victim of hacks or accidental data exposure. The rash of security problems has prompted some states to require companies to notify customers if their personal information has been compromised.

An ACS spokesman said the missing disc was created "in the Atlanta area" and was in transit to Georgia state officials when it went missing. He declined to name the shipping company used to transport the disc.

The spokesman also declined to say whether the data on the disc was encrypted.

ACS had to physically transport the media to the Georgia DCH "because the volume was too great for e-mail," the spokesman said.

ACS will review its internal procedures for transporting sensitive data once the investigation is complete. "If we need to tighten up certain areas then we will do that," said the spokesman.

Editor's note: This story was expanded at 4:05 p.m. to add comments from the ACS spokesman.

About the Author

Paul McDougall

Editor At Large, InformationWeek

Paul McDougall is a former editor for InformationWeek.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights