Monday Morning News Kick Off: Schools Putting Children at Risk of ID Fraud, Health Net Settles with Connecticut AG and More

Welcome to the Monday Morning News Kick Off post from the ITAC blog. As always, we have pulled together all the key identity theft, data breach and cyber security stories to start the week out on the right foot. And, we recommend you all continue to make the ITAC blog a key part of of your weekly blog reading agenda. Stay tuned for our ever popular “Best” and “Worst” people in identity theft and much, much more. Happy Monday!

Schools Risk Theft of Social Security Numbers of Children
Schools are putting children at risk of identity fraud by obtaining their Social Security numbers when it is not required by law and often unnecessary, the Social Security Administration’s Office of Inspector General has concluded. Some school systems in at least 26 states collect the nine-digit identifiers when students from kindergarten through high school register for classes, even though the respective state does not require it as a matter of law, according to a report released last week. Read the full Washington Times article here.

Health Net Settles with Connecticut Over Data Breach
California-based Health Net has agreed to pay $250,000 to the state of Connecticut to settle a lawsuit brought by the state’s attorney general, Richard Blumenthal, who sued the company over a large-scale data breach in 2009. Nothing in the settlement addresses protection of physician data specifically, and it’s unclear how much identifying information about network physicians might have been lost along with patient information. Health Net, which sold its Connecticut business to UnitedHealth Group in December 2009, did not admit any wrongdoing but agreed to adopt new security procedures and to pay the state an additional $500,000 if between now and Nov. 30, 2011, it’s determined that the compromised data has been accessed and misused. Read the full American Medical News post here.

Should You Tell Shareholders about Breaches?
Federal law states that health companies have to disclose if they’ve suffered a data breach. Information security group ISACA doesn’t think that’s enough. Considering the reputational risk to enterprise, the association believes mandatory reporting should be included in the company’s regular accounting releases, such as quarterly and annual reports. There has been a lot of conversation about what consumers should know about breaches and what steps should be taken if personal information is at risk. Along that line, I think it is a good idea to keep shareholders informed on the company’s security efforts. Read the full IT Business Edge post here.

Former University of California Employee Pleads Guilty in Identity Theft Scheme
Cam Giang pleaded guilty in federal court today to one count of wire fraud and one count of use of a Social Security number in violation of the laws of the United States, United States Attorney Joseph P Russoniello announced. In pleading guilty, Giang, who was an employee of the University of California San Francisco Medical Center at the time of the offense, admitted that he obtained and used the personal information (i.e ., birthdates and social security numbers) of other UC employees to create accounts on the StayWell Health Management, Inc. website and complete online health surveys on behalf of those individuals without their knowledge or consent. Read the full press release here.

Former Credit Union Employee Arrested for Identity Theft
Mesa police arrested a former credit union employee who they said used a customer’s identity and her own address to apply for credit cards, court records state. An investigation into a reported credit card theft led officers to Esther J. Hulse, a former Arizona Federal Credit Union employee from Phoenix, Wednesday morning, court records state. The victim contacted police on June 22 after she received a call from Bank of America, thanking her for applying for a credit card online. Read the full AZ Central article here.