State employee information lost in the mail

April 01, 2009|By Gadi Dechter | Gadi Dechter,gadi.dechter@baltsun.com

The names and Social Security numbers of about 8,000 state employees and retirees were in a report "lost in the mail" this month, raising concerns about identity theft and questions about why sensitive information was sent through the postal service rather than electronically.

Maryland officials say there is no evidence that the information was stolen or misused, but the Department of Budget and Management has suggested compromised employees place a "fraud alert" with national credit-rating agencies as a precaution.

"We have no reason to believe there was any theft or any nefarious incident other than something innocent and accidental," said Robin Sabatini, the budget department's chief of staff.

On March 3, the Employee Benefits Division received a torn and empty envelope from SHPS Human Resource Solutions, Inc., the company that manages the health savings account program for state workers. Missing from the envelope was a monthly fee invoice that contained employee names and Social Security numbers and information about the plans in which they were enrolled.In an e-mail to affected employees March 23, state officials said the report was "lost in the mail" and that the U.S. Postal Service had apologized.

"It's disturbing," said Patrick Moran, Maryland director of the American Federation of State, County and Municipal Employees. "I don't understand ... why they're sending this stuff around through the mail when there's electronic means to do all that."

The incident has prompted the state to require the vendor to transmit future reports electronically, Sabatini said. The state has also reported the incident to the postal service's inspector general for a review, she said. An SHPS spokeswoman declined to comment.

In the wake of laws requiring disclosure of personal-information breaches, notifications of such incidents have become commonplace, but consumer advocates warn against complacency. "Don't treat it as junk mail," said A. Hugh Williams, who runs the Identity Theft Program in the attorney general's office. "Especially when it's something like your Social Security number."

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.