Virginia developing database of residents identities

[Lee J <lee () riskbasedsecurity com>]

http://communities.washingtontimes.com/neighborhood/metro-news/2013/sep/30/virginia-developing-database-residents-identities/


WASHINGTON, September 30, 2013 — Virginia has created an identity database
of the state’s residents for use by Virginia agencies. The database was
built from using Department of Motor Vehicles records.

State officials told <http://www.timesdispatch.com/> the Richmond
Times-Dispatch that the $4.3 million system will help agencies uncover
fraud and benefit to residents who want or need to do business with the
state electronically.

Craig C. Markva, Department of Medical Assistance Services Spokesman, told
the newspaper that this system will be helpful because when someone creates
an account online, the Virginia government will be able to use this system
to verify that the person is who they are claiming to be.

It was also reported to the newspaper that the first agency to use the new
e-id system will be the Department of Social Services starting Tuesday,
October 1, 2013.

The fact that identifying information about Virginia residents, which has
been provided to the DMV with the belief that it was being used for the
sole purpose of that department, is now being used by other agencies and
being passed around from agency to agency without the resident’s knowledge
could leave many unnerved.

The United States Bureau of Justice
reports<http://bjs.gov/content/pub/pdf/itrh0510.pdf> that
in 2010, 7 percent of U.S. households experienced identity theft. It is a
large enough concern that the United States government has multiple pages
on its website<http://www.usa.gov/topics/money/identity-theft/prevention.shtml>
dedicated
to the education of securing ones electronic information and even has a
toll free phone number for additional help.  It is then surprising to learn
that the state government itself is taking the personal information.

State officials report that participation in the program is completely
voluntary but it seems that the only way to not participate in the program
would be to no conduct any business with a state agency online since that
is when it will automatically be used for the verification. As more and
more services become primarily offered online, it will be considerably more
difficult to still conduct business in person.

According to Secure ID
News<http://secureidnews.com/news-item/virginia-launching-statewide-authentication/>,
the motivation for this program was the Affordable Care Act. With the
implementation of “Obamacare” Virginia will have more than 240,000
residents using Medicaid. The hope is that this system will assist with
enrollment and prevent any possible fraud.

There has been no public release by the state of Virginia about the
personal information of all Virginia licensed drivers and ID holders being
passed on to Virginia Information Technologies Agency, Department of Social
Services and Department of Medical Assistance Services.


[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.