Another recent addition to HHS’s public breach tool involved an incident at Central City Concern in Oregon. The breach, which involved “unauthorized access/disclosure” resulted in the notification of 17,914, and was listed as beginning March 23, 2010 and ending May 24, 2013.
A notice linked from their homepage saying “Data Event” explains that this was a case of insider theft for tax refund fraud, and that after CCC was notified of the breach by law enforcement, they prudently notified everyone whose records the employee would have been able to access – even though there is no evidence that more than 15 clients’ information was accessed:
For release: April 28, 2014
Notice of Data Event
Contact: Kathy Pape, Central City Concern, 503-294-1681Central City Concern is providing this release as part of a larger effort to notify individuals whose personal data may have been stolen by a former employee.
On April 3, 2014, a federal law enforcement official notified CCC that a former CCC employee has been accused of improperly copying information from approximately 15 Central City Concern clients from its Employment Access Center (EAC) program with the intent of processing fraudulent tax returns in their names. Following this notice from law enforcement, CCC immediately began to review its systems that contain client records that the former employee may have accessed and copied during the time of employment from March 23, 2010 to May 24, 2013. We determined through this investigation that the former employee may have accessed names, dates of birth, social security numbers, addresses, and, in some instances, health information of EAC clients.
Central City Concern takes the privacy of its clients very seriously and in an attempt to protect the privacy of all Employment Access Center clients, we are communicating with all clients whose records the former employee may have had access to, though according to law enforcement, the former employee estimated that only 15 records were improperly copied. We have received no indication that other records were misused. However, as a precautionary measure, Central City Concern is offering complimentary one-year membership of Experian’s ProtectMyID Alert to all potentially affected individuals at no cost. Notification letters were mailed today to all potentially affected individuals and we continue to cooperate with law enforcement in their investigation.
Central City Concern has taken steps to help prevent such an incident from occurring in the future. CCC has contracted with an independent, third-party data security specialist to ensure that CCC has implemented all feasible and comprehensive safeguards to protect against future risk.
Client inquiries regarding this incident may be directed to 866-778-1144, Monday through Friday from 6:00 AM to 6:00 PM Pacific Time. Media inquiries may be directed to Central City Concern, 503-294-1681.
Individuals who are concerned about their tax returns may contact the Oregon Dept of Revenue at 503-947-2000 or http://www.oregon.gov/dor/Pages/id-theft.aspx.
This notice is being provided pursuant to the data event notification requirements of the U.S. Department of Health and Human Services and the State of Oregon, as well as to any other state required to receive the information. This notice is also posted on CCC’s website. Additional information, including information about how to prevent identity theft, is available from the Federal Trade Commission (FTC). You can contact the FTC at 600 Pennsylvania Avenue, NW, Washington, DC 20580, http://www.consumer.ftc.gov/features/feature-0014-identity-theft or 1-877-438-4338. If you become a victim of identity theft, you should report it to the police and to the FTC.
Other Helpful Resources
If you were a client of the Employment Access Center (other names of the program: WorkSource, West Portland One Stop, Central City Concern Jobs Program, Central City Concern WorkForce, Shoreline) and are concerned that your information may have been accessed, please call 866-778-1144.Oregon Department of Revenue Identity Theft
503-947-2000Theft Hotline
877-438-4338IRS Identify Protection Specialized Unit
800-908-4490