Horizon Blue Cross Blue Shield has just announced that two laptop computers were stolen from its Newark, New Jersey headquarters. The stolen laptops contained personal information including names, addresses, dates of birth, Social Security numbers and more on 839,711 members thereby placing them in serious danger of identity theft. The computers, which were locked by cables to employee workstations inside the Newark headquarters, were protected by passwords, but the information contained on the computers was not encrypted, thereby making the information available to an identity thief who is adept at using software programs used to decipher passwords. Unfortunately, we have no reason to believe that the passwords used are of sufficient strength to make the process of breaking down the passwords difficult, particularly when the company did not take the important step of encrypting the information.
Similarly, it has just been revealed that a laptop computer and paper files containing personal information of 1,300 patients of the Houston Methodist Hospital was stolen last week. In this case again the data was not encrypted and the paper files not properly secured thereby putting the hospital’s patients in serious jeopardy of identity theft.
These two laptop thefts are, unfortunately, not unusual and they serve to highlight two important facts. First, that you are only as safe from identity theft as the security of the weakest place that has your personal information and second, that companies are still not taking basic security measures such as encrypting data, necessary to protect the privacy of personal information that they hold.
In regard to these specific instances, those members affected by the laptop thefts at Horizon Blue Cross Blue Shield are being notified by Horizon and are being offered free credit monitoring and identity theft protection, which I strongly advise that you accept if you are affected by this security breach. In regard to the Houston Methodist Hospital laptop thefts, the hospital is in the process of notifying those patients affected and are also offering free identity theft protection for a period of one year. Again, if you are a victim of this data breach, I urge you to accept the offer.
In addition, those people affected and, quite frankly, everyone, should consider putting a credit freeze on their credit reports to prevent someone from accessing their credit report even if an identity thief has gotten access to Social Security numbers and other information that would otherwise permit access to the all important credit report. Everyone should also regularly monitor their credit reports for early evidence of identity theft. You can find information about how to get a credit freeze and your free credit reports in my book “How to Protect Your Identity in a Digital Age” as well as here on Scamicide.