Greensburg Daily News, Greensburg, IN

August 1, 2013

FSSA details information breach, corrective action


Greensburg Daily News

---- — INDIANAPOLIS – The Indiana Family and Social Services Administration (FSSA) announced today the final results of a review of all documents potentially involved in an information breach announced last month.

At the time the error was discovered, it was not possible to determine exactly which FSSA clients might have been involved. As such, FSSA took the prudent approach of notifying more than 187,000 potentially impacted clients that correspondence sent to them might have also been shared with other clients. At the direction of Governor Mike Pence, RCR Technologies Inc. – the vendor company responsible for the computer programming error that led to some client information being accidentally shared with other clients – expedited a complete review of all potentially impacted client correspondence.

RCR has determined through this review that only 16 clients had their full Social Security numbers shared. Another 48 clients had various other types of personal information disclosed, which did not include their full Social Security numbers. RCR has agreed to pay for credit monitoring for the individuals actually impacted by the breach and will be contacting them directly to arrange this service. RCR’s review document is available here.

“We are comforted to know definitively now that, as we suspected, very few clients had any of their personal information shared,” said Debra Minott, secretary of the FSSA. “Still, if one client’s information is unnecessarily disclosed, that’s one too many. We have received assurances from RCR that the appropriate steps have been taken to correct the original programming error and prevent anything like this from happening again. We will continue to scrutinize their performance very closely.”

FSSA will notify all of the clients of the findings of the report. It will send a letter to clients whose information was breached to let them know they will receive credit monitoring through RCR. FSSA will also send a letter to the vast majority of clients who were determined not to have been impacted by the breach to reassure them their information was not disclosed to anyone else. Lastly, FSSA will send letters to its clients who RCR identified as receiving other clients’ information with specific instructions on how to return the materials to FSSA if they are still in possession of it.

Governor Pence and FSSA have directed RCR to put a corrective action plan in place that includes additional design and code reviews as well as increased performance testing.

Tagline (right aligned):– Daily News