BreachExchange mailing list archives
Re: GA: Security breach involves recent births - 140, 000 notified
From: Nancy Kramer <nekramer () mindtheater net>
Date: Thu, 17 May 2007 02:43:39 -0400
If they used SSN for the key to a file that contained parents name and address as well as the baby's SSN it wouldn't be very hard. One SQL query on the joined files and you would have the info. Regards, Nancy Kramer At 10:45 PM 5/16/2007, lyger wrote:
And now for tonight's edition of "things that make you go 'hmm'..." If the records didn't contain names or addresses, then how did the Georgia Department of Human Resources match up 140,000 medical records and SSNs of infants to their parents mailing addresses so quickly? And if it wasn't "quickly", then how long did they know about the breach before the notification process began? Yes, I know... there's them new-fangled things called "computers". Am I missing something or might there be more to this than currently reported? On Wed, 16 May 2007, Dave wrote: ": " http://www.ajc.com/metro/content/metro/stories/2007/05/16/0517meshrecords.html ": " http://health.state.ga.us/pdfs/message-20070514.pdf ": " ": " by Gayle White ": " The Atlanta Journal-Constitution ": " Published on: 05/17/07 ": " ": " State officials are warning parents of 140,000 Georgia babies that a ": " security lapse has exposed some of their personal and medical ": " information to the risk of fraud. ": " ": " The Georgia Department of Human Resources mailed letters Wednesday to ": " all parents of infants born in Georgia between April 1, 2006, and ": " March 16, 2007, saying that paper records containing their Social ": " Security numbers and information about their medical histories were ": " improperly discarded. ": " ": " The records do not contain names or addresses, said Stuart Brown, ": " director of the state's Division of Public Health. He said there is ": " no evidence that information from the records has been used ": " improperly. ": " ": " [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 208 million compromised records in 658 incidents over 7 years. -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.467 / Virus Database: 269.7.1/805 - Release Date: 5/15/2007 10:47 AM
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.467 / Virus Database: 269.7.1/805 - Release Date: 5/15/2007 10:47 AM _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 208 million compromised records in 658 incidents over 7 years.
Current thread:
- GA: Security breach involves recent births - 140, 000 notified Dave (May 16)
- Re: GA: Security breach involves recent births - 140, 000 notified lyger (May 16)
- Re: GA: Security breach involves recent births - 140, 000 notified Nancy Kramer (May 17)
- Re: GA: Security breach involves recent births - 140, 000 notified Chris Walsh (May 17)
- Re: GA: Security breach involves recent births - 140, 000 notified rwise29210 (May 18)
- Re: GA: Security breach involves recent births - 140, 000 notified Nancy Kramer (May 17)
- Re: GA: Security breach involves recent births - 140, 000 notified lyger (May 16)