Back in August, I reported a breach involving the Guttenberg Housing Authority in New Jersey that had reportedly left many housing residents and housing applicants on the waiting list confused and worried due to the lack of information in the notifications. Three months later, Tricia Tirella of the Hudson Reporter reports that residents are still unable to get specific answers from GHA and that some have now gone to the police:
Originally, GHA officials declined to comment when the Reporter asked them questions about the incident. The Newark office of the federal department of Housing and Urban Development (HUD), which oversees the GHA, also declined to comment on the matter, releasing a statement that “It is HUD’s policy to refrain from commenting on matters in which litigation is pending or threatened to avoid prejudicing the position of the parties.”
It is unclear what the mention of “litigation” refers to.
This past Nov. 16, the Hudson Reporter asked GHA Executive Director Barbara Criscione if there was any progress in the investigation. The Reporter also requested public documents related to the investigation, citing the state’s Open Public Records Act. Among the information requested was any written correspondence to the police or other government authorities on the investigation.
Criscione responded last week by saying that she had no comment and that residents could directly contact the GHA office for additional questions. She said that the GHA was denying the OPRA request for documents related to the investigation because it was “overly broad and unclear.” She also denied the request for “written notification to police or other government authorities” because it “…is related to an ongoing investigation of this agency, and disclosure of such information would be adverse to the public interest.”
[…]
Several residents have now filed police complaints – and the police say the GHA has been equally unhelpful with them.
Read more in the Hudson Reporter.
DataBreaches.net has routinely called for transparency and adequately detailed notification letters. While some breaches are not disclosed promptly and fully due to active law enforcement investigations that might be compromised by disclosure, it is not clear whether this is one of those situations. But how would you like to be in the residents’ shoes of not knowing what the heck happened?
In the meantime, because the breach involved unauthorized access of SSN and financial data, I would encourage all people who are residents or who were on the waiting list for housing to assume that their data were taken for purposes of ID theft and take the kinds of cautionary steps recommended by non-profit organizations like the Identity Theft Resource Center and Privacy Rights Clearinghouse. The Federal Trade Commission also provides free and helpful advice as to what to do in this type of situation.