INDIANAPOLIS – State officials have narrowed a security breach from hundreds of thousands of Hoosiers to just 64, the Indiana Family and Social Services Administration reported Wednesday.
Last month the agency announced a massive computer programming error in which personal information of a large number of people receiving aid from the state was possibly compromised. The Hoosiers receive state benefits of one sort or another, from cash assistance, to Medicaid or food stamps.
But on Wednesday FSSA said final results of a review show that only 16 clients had their full Social Security numbers inadvertently shared. Another 48 clients had various other personal data disclosed.
RCR Technologies – the contractor responsible for the mistake – has agreed to pay for credit monitoring for the individuals actually affected by the breach and will be contacting them directly to arrange this service.
“We are comforted to know definitively now that, as we suspected, very few clients had any of their personal information shared,” said Debra Minott, secretary of the FSSA. “Still, if one client’s information is unnecessarily disclosed, that’s one too many. We have received assurances from RCR that the appropriate steps have been taken to correct the original programming error and prevent anything like this from happening again. We will continue to scrutinize their performance very closely.
FSSA will notify all of the clients of the findings of the report, including sending a letter to clients whose information was breached to let them know they will receive credit monitoring through RCR.
The agency also will notify the vast majority of clients who were determined not to have been impacted by the breach to reassure them their information was not disclosed to anyone else. Lastly, FSSA will send letters to its clients who RCR identified as receiving other clients’ information with specific instructions on how to return the materials to FSSA if they are still in possession of it.