DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

California Says Private Data for 600,000 People Exposed During Burglary

Posted on April 7, 2018 by Dissent

A California agency says private information for about 600,000 people may have been exposed during the burglary of a state building.

The Department of Developmental Services said Friday that the confidential information may have been seen during a Feb. 11 break-in at one of its Sacramento buildings.

Read more on NBC Bay Area.

Here is the department’s notice from their web site:

The Department of Developmental Services is informing the public about a recent incident that may have resulted in the breach of confidential information. On February 11, 2018, a break-in occurred at the DDS legal and audits offices building in Sacramento. The trespassers ransacked files, vandalized and stole state property and started a fire. The Department has no evidence that personal and health information was compromised due to the incident. However, out of an abundance of caution, it is notifying clients and the public about the incident and following federal requirements regarding potential breaches.

As detailed in the notices below, the people who broke into the building had access to the health information of about 582,000 individuals served by DDS. They also had access to the personal information of about 15,000 employees of regional centers, service providers, applicants seeking employment with the Department’s audits office, and parents of minors enrolled in DDS programs. Responses to frequently asked questions are below.

From the department’s notification letter concerning PHI:

April 6, 2018

Notice of Breach of Protected Health Information

The Department of Developmental Services (Department) is writing to inform you about an incident that happened at the Department’s legal and audits offices in Sacramento. As explained in this letter, unknown persons broke into the offices, and had access to your personal health information. We have no evidence to believe those who broke in actually stole your information or can use any stolen information to harm you. In the abundance of caution, we are providing you this notice so you are aware of what happened, and can take steps to monitor any unusual activity regarding your personal health information.

What Happened

On Sunday, February 11, 2018, unknown persons broke into the Department’s legal and audits offices, ransacked the offices and paper files, vandalized property, and started a fire. The fire set-off the building’s sprinklers, which caused water damage to many documents and computer workstations. Law enforcement is investigating the incident.

After the break-in, the Department discovered a number of paper documents and compact discs (CDs) were either displaced or damaged from the fire and the sprinklers. Some of these paper documents and CDs included protected health information (PHI). Twelve state-owned laptop computers were also stolen, but the data on these computers cannot be accessed because they were encrypted to meet the highest federal security standards. The Department’s review of its computer system confirmed the network was not accessed. All electronic files remain protected.

Please note, the Department is not aware of any evidence the PHI on the documents or CDs located in the offices were taken or viewed by the thieves, or that the PHI on those documents or CDs was compromised in any way.

What Information Was Involved

The fire and water damage to some papers, the existence of CDs, combined with the required cleanup, makes it impossible for the Department to identify with certainty whose PHI may have been compromised. Because we do not know for sure whether your PHI was improperly viewed or accessed during the break-in, we are sending you this notice.

The information contained in paper files and CDs included PHI and other information such as: (1) names; (2) unique state-issued client identifier numbers; (3) service codes; (4) units billed; (5) service dates; (6) amounts paid for services; and/or (7) medical records.

And from their other letter on what types of PII were involved:

What Information Was Involved:

The fire and water damage to some papers, combined with the required cleanup, make it impossible for the Department to identify with certainty whose personal information may have been compromised. Because we do not know for sure whether personal information was improperly viewed or accessed during the break-in, we are issuing this public notice.

The information contained in paper files included personal information of certain employees of regional centers and service providers, applicants seeking employment with the Department’s audits office, and certain parents of minors enrolled in DDS’ Annual Family Program Fee, Family Cost Participation Program, or Parental Fee Program. The personal information included the following: 1) name; 2) address; 3) phone numbers; 4) social security number, and 5) financial records.


Related:

  • IVF provider Genea notifies patients about the cyberattack earlier this year.
  • Two more entities have folded after ransomware attacks
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
Category: Breach Incidents

Post navigation

← Singapore teen who hacked NFL Twitter account gets 24 months’ probation
ID theft suspect had medical records, personal information of 100+ people, police say →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.