Criminals who broke into a State Bar of Nevada storage facility stole confidential information on an undisclosed number of applicants for the state bar examination, putting an untold number at risk of identity theft.
Those affected were notified by letter dated March 17 and offered free credit monitoring for a year:
The notification was submitted to DataBreaches.net by “Who Complies,” a regular reader of this site. He prefaced the notification letter with additional background and details:
On January 24, 2014 my friend received a phone call from Las Vegas Police.
The detective asked him if he had ever taken the Nevada State Bar Exam.
My buddy replied; yes, a few times, why?
The detective informed him they arrested a man in possession of his personal information in Las Vegas.
In fact, he had my friend’s personal information from the February and July 2011 Bar Exams, and other exam takers’ personal information.
Personal information for taking the bar exam is everything imaginable: Full Name, Birthday, SSN, Address, Previous Home & Work Addresses for past 10 years, Home phone, cell phone, drivers license number, his children’s full names and birthdates, his spouse’s information, and his Military Service Record Form DD-214. Not to mention the names and contact information for personal references, and the list goes on.
Yes, it also included Credit Card Account information with Exp. and CCV code on back to pay for the Bar Exam.
The thief had so much information that he had identification made up with my friend’s information and the thief’s picture on it.
After being notified by the police about the data breach, the phone call he received 1.5 months prior made sense. He had been called by his bank about fraudulent charges on a credit card he almost never uses – except for educational needs and State Bar Exams.
Phone calls and emails regarding the breach to the Nevada State Bar went unreturned.
Finally today, almost 2 months later, my friend received the attached letter.
I can’t understand how the State Bar could so negligently store such highly sensitive information in a common storage locker?
I also wonder if the State Bar didn’t know about the locker break in, until contacted by the LVPD after they had this guy in custody???
So many unanswered questions.
Indeed. The Nevada State Bar did not respond to an email inquiry earlier today asking when the theft occurred, how they discovered it, and how many people had their data stolen.
What are the state bar’s data retention and storage policies? How far back do the paper records in storage go and how many cartons of records were stolen? According to Who Complies’ friend, the thief was caught with personal information from other Bar Exam takers. Were any of them from other states from individuals seeking licensing in Nevada?
And will the state bar now start securely shredding older records or do they intend to continue to store them but just boost physical security for the storage center?
Some more transparency on their part in reporting on this incident would be helpful.