honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Friday, January 26, 2007

Welfare families' data stolen, state reveals

By Mary Vorsino
Advertiser Staff Writer

PROTECT YOUR IDENTITY

To file a fraud alert on your credit report, contact any of the three major credit reporting agencies. Once the alert is confirmed, the other two credit bureaus will automatically be notified.

Those at risk of identity theft are also advised to order free copies of their credit report every four months. Each reporting bureau is required to provide one free copy per year.

The credit bureaus can be reached at:

  • Equifax, www.equifax.com

    Report fraud: (800) 525-6285

    Order a credit report: (800) 685-1111

  • Experian, www.experian.com

    Report fraud: (888) 397-3742

    Order a credit report: (888) 397-3742

  • TransUnion, www.tuc.com

    Report fraud: (800) 680-7289

    Order a credit report: (877) 322-8228

    For more information on fraud alerts and protecting credit information, contact the state Department of Commerce and Consumer Affairs at 587-3222. Participants in the WIC program can call 586-8080 for more information on the security breach.

  • spacer spacer

    The state has alerted some 11,500 families enrolled in a program for low-income women and children to guard against credit fraud and identity theft, after a Health Department employee allegedly stole information from a client database.

    Three families registered with the Women, Infants and Children program in Wahiawa have been confirmed as identity theft victims, said Dr. Chiyome Fukino, director of the Health Department.

    The state is urging others in the Wahiawa WIC programs' database, which includes clients helped as far back as 1998, to place a fraud alert on their credit reports.

    Officials say the case is the first of its kind involving a state agency. It has prompted the department to take a serious look at its record-keeping practices and has raised questions about sensitive information kept with other government offices and even nonprofit agencies.

    "I think the real message here is anyone can be a target. It doesn't matter what your income level is," Fukino said.

    "The fact of the matter is it's your credit rating that matters."

    The WIC program supplies low-income pregnant women and children up to 5 years old with supplemental foods, nutrition counseling and health referrals. Participant families' earnings must be at or below 185 percent of the federal poverty level.

    There are 39 WIC clinics statewide, serving 35,000 participants.

    POLICE INVESTIGATING

    Fukino said workers at the Wahiawa office started to investigate the case in mid- to late December, when a client inquired about a credit card opened in her name.

    The office was listed as the billing address for the card.

    Fukino said she was notified of the database breach on Jan. 12. The final batch of letters notifying families whose information was at risk was sent out Wednesday night, she said.

    Police Capt. Frank Fujii confirmed that an identity theft investigation is under way in the case, but could not provide details. Fukino declined to say how long the accused employee has worked for the state Department of Health. The employee has been placed on leave.

    Identity theft is one of the fastest-growing crimes in the Islands, and large databases of information are increasingly becoming targets. Though business records are more commonly hit, officials say it is not unheard of nationally for low-income clients of social service agencies to also become victims.

    "It's just like any business," said Brian Schatz, chief executive officer of Helping Hands Hawai'i. "Whether for-profit or not-for-profit, there is always a chance of malfeasance."

    Fukino said the Health Department has taken steps to guard against a repeat incident, but she stressed there is no way to protect against every possibility.

    "A criminal mind can overcome even your most vigorous defenses," she said.

    DATABASES SCRUTINIZED

    When Fukino was alerted to the theft, she asked branch heads to scour their databases and weed out unneeded sensitive information that could fall into the wrong hands.

    She also said WIC participants are no longer required to provide their Social Security numbers. Some WIC offices had already stopped taking the numbers to identify clients, she said.

    Stephen Levins, executive director of the state Office of Consumer Protection, said there are very few instances in which a state agency needs a Social Security number.

    He added most agencies no longer use the number as an identifier.

    "Unless there's a specific reason under law that you need a Social Security number, a business or a government agency really shouldn't use a Social Security number," he said.

    News of the breach comes just weeks after three new state laws to protect residents against identity theft went into effect. One law requires agencies to notify residents whose information has been compromised as quickly as possible, while another says agencies must take "reasonable measures" to guard against security breaches of their computer databases.

    The third allows consumers to freeze their credit reports to protect against exploitation.

    SECURITY PRECAUTIONS

    As word of the WIC security breach got out yesterday, nonprofits that serve low-income clients reviewed their procedures for dealing with sensitive financial information.

    Several said they have security measures to protect their clients, but they also say identity theft was never a primary concern for them.

    "We do have background checks, we do have criminal record checks," said Salvation Army Hawai'i spokesman Daniel DeCastro. "We've made absolutely sure that every employee that comes to the Salvation Army comes through that screening."

    But he acknowledged there is a high degree of trust afforded to those who access client databases, which are password protected. Background checks weed out those with a criminal past, he said, but "you cannot guess a person's intent in the future."

    Reach Mary Vorsino at mvorsino@honoluluadvertiser.com.


    Correction: Stephen Levins is the executive director of the state Office of Consumer Protection. An incorrect title was given in a previous version of this story.