Thursday, November 3, 2011

Social Security Administration fails to disclose data breaches involving SSNs

No fraud, no reason to know
Fri Oct 14 2011, 13:00
THE US SOCIAL SECURITY ADMINISTRATION (SSA) hasn't bothered to notify people who have had their personal information and Social Security numbers exposed because they were wrongfully listed as dead in its database.
According to The Republic, as many as 14,000 living persons are listed on the "Death Master File" (DMF) every year as a result of various errors. The database, which now contains over 90 million records, was made public in 1980 in order to make it harder for fraudsters to assume the identities of deceased individuals.
A DMF record contains a dead person's name, date of birth and Social Security number, details that meet the criteria of personally identifiable information (PII) and can be used for identity theft.
Journalists from the Scripps Howard News Service found the personal information of 31,931 living Americans listed in three copies of the Death Master File.
When questioned, most of those affected had no idea that their information had been exposed, and those who did had found out only because of frozen bank accounts, declined credit card applications, refused mortgages and other problems resulting from their being listed as deceased.
Social Security Commissioner Michael Astrue wrote in a letter sent last month to Deputy Senate Majority Leader Richard Durbin, Democrat of Illinois, that when a DMF listing error is discovered, it is corrected immediately and the breach is reported to the United States Computer Emergency Readiness Team (US-CERT).
He also noted that all cases are reviewed for misuse by an independent contractor, but if no fraud is detected, the SSA does not inform the individuals whose information has been exposed.
The ironic thing is that if the SSA were a private company it would have been forced to notify those affected and, depending on each state's laws, also offer them credit monitoring services.
However, since the SSA is a federal agency, it is exempt from state laws, and there is no legislation at the federal level that would force it to notify the victims of a data breach incident.
California was the first state to pass a mandatory data breach notification law in 2003. All states except Alabama, Kentucky, New Mexico and South Dakota have followed suit since.
The Social Security Administration might, however, be in violation of a 2007 directive from the Office of Management and Budget (OMB) that mandates that every federal agency should develop its own data breach notification policy.


Now see how they do it in foster care.


1 comment:

BEVERLY TRAN said...

Foster care and adoption is another population of fraudulent use of identities.