Governments are cause of half the records lost in data breaches this year

Let’s all stand and cheer for Judy Yacio, a retired Texas school principal who struck a blow to stop identity theft. She exposed a flaw in the Teacher Retirement System of Texas that could make it easy for identity thieves to steal her personal banking information.

Government data breaches, in which personal information is accidentally released or stolen, are growing. This year, ineptitude on the part of federal, state and local governments was responsible for nearly half of all personal records lost in data breaches, according to statistics kept by the Identity Theft Resource Center. The rest happened in businesses, especially in the banking and medical communities.

In the spring of 2011, the Texas comptroller’s office announced that, for about a year, it had inadvertently exposed Social Security numbers and other data about 3.5 million Texans on a state website accessible to the public. The breach, probably the largest in Texas history, included names and addresses, and sometimes birth dates and driver’s license information. That’s enough for any ID thief to wipe some out financially.

The Texas attorney general’s office and the FBI launched a criminal investigation. Several employees in the comptroller’s office were fired.

In June 2011, 4,900 current and former workers at the state Department of Assistive and Rehabilitative Services were told that their personal information was exposed.

“Government has to be more careful,” Yacio says.

Ridiculous picture courtesy of identitytheftprotection.net

She knows. As readers of the Dave Lieber Watchdog column in the Fort Worth Star-Telegram first learned, after Yacio switched the bank account to which her retirement check was to be directly deposited, she got a call from her credit union telling her that it had received a letter from TRS to confirm the change. But her personal information, the credit union told her, was clearly visible through the TRS envelope.

TRS had used a window-style envelope. Yacio’s name, address and account number were visible through the front window. Anyone who handled the letter could use that information to steal from her.

Yacio flipped out. She contacted the state comptroller’s office, which directed her to TRS. She also complained to state Sen. Wendy Davis, D-Fort Worth. A staffer contacted TRS on her behalf, too.

“Window envelopes are a bad idea when sending sensitive information, as some things show that we don’t want others to see,” the former principal scolds. “People are getting sloppier and sloppier in protecting our personal information. And we wonder why identity theft has increased. The state needs to be more careful. Period!”

Her plan was to push the issue: “I rightly raised a ruckus,” she says. “People need not sit back and accept what is being done.”

She told TRS leaders on the phone, “Guys, you’ve got to quit using window envelopes. Window envelopes are very dangerous with this kind of information.”

TRS officials did something she did not expect: They listened to her.

TRS spokeswoman Rhonda Price told Watchdog Nation: “We can confirm that we have changed our procedures.” Letters with personal information to banks and credit unions “will now be mailed utilizing mailing labels so that the content of the envelope cannot be seen.

“Our longer-term solution will be to have the sensitive information taken off [the letters], but that will require programming changes. We believe our interim solution will resolve the issue until the programming changes can be made.”

Yacio praises TRS for its quick recovery.

Jay Foley, executive director of the Identity Theft Resource Center, says breaches caused by government are worse than those caused by private businesses.

“As a consumer, I chose which businesses I will share my personal information with. I don’t have that luxury with government.

“If I want a driver’s license, I have to give my Social Security number. I pay taxes, and I have to use my Social Security number. If I want unemployment, I have to give my Social Security number.

“Government for a long time has allowed the Social Security number to be the de facto piece of identifying information about each of us. The downside is that government has never really learned how to control the information.”

That’s why Yacio’s battle cry is noteworthy. When any vulnerability is found in the protection of personal data, raise a ruckus.

# # #

Dave Lieber shows Americans how to fight back against corporate deceptions in his wonderful book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong.

The book focuses sharply on how to protect against identity theft and defend yourself if you’ve fallen victim to this. Are you tired of losing time, money and aggravation to all the assaults on our wallets? Learn how to fight back with ease — and win. Get the book here.

Read The Watchdog Nation manifesto here!