Wednesday, May 30, 2007

Identity Theft?

In the midst of all of the end of session activity whirling around right now, I happened to come across what strikes me as a very important story that has appeared to slip under the radar screen.
The state's professional-regulation department is notifying roughly 300,000 licensees and applicants that a computer server with some of their personal data was breached early this year, a spokeswoman for the agency said Friday. (Emphasis added)
Potentially at risk for identity theft are banking and real estate professionals whose licensing information - including addresses, tax numbers and Social Security numbers - were kept on the storage server, said Sue Hofer, spokeswoman for the Illinois Department of Financial and Professional Regulation.
Making a bad situation worse is this:
Hofer said investigators have determined that the breach "looks like criminal conduct." She said the hacking appears to have come from a source outside state government.
Department officials notified the Illinois State Police and FBI after they determined on May 3 that the computerized information had been compromised, probably in January, Hofer said.

She said authorities initially asked Gov. Rod Blagojevich's administration not to tell licensees about the breach so that the investigation would not be compromised. The administration also did not immediately inform members of the General Assembly at the request of authorities, Hofer said.
State law is somewhat open-ended about how soon a public or private body must notify individuals when their personal data has been stolen, said Deborah Hagan, the chief of consumer protection for Illinois Attorney General Lisa Madigan. The law allows investigators to delay disclosure, she said.
"I think there has to be a balance in terms of getting this information out to affected persons as quickly as possible - versus not interfering with an investigation which may result in catching the perpetrator," Hagan said.If you ask me, that balance should be tilted in favor of protecting the 300,000 licensees potentially affected by the incident, which include mortgage brokers, pawn shop operators and real-estate agents.
I'm in no way saying that the Department acted improperly, provided that the statement that they held back the information was at the request of the authorities. But there are 300,000 Illinoisans right now that might not be sleeping too easily.

5 Comments:

At May 31, 2007 at 12:38 PM, Anonymous Anonymous said...

This is a very serious issue. I just question why it took so long to notify the victims.

On another note, good to see you blogging. I would love to know your thoughts on when session will end, the Governor, etc.

 
At May 31, 2007 at 4:31 PM, Anonymous Anonymous said...

A family member of mine just received a letter today from the Dept. of Professional Regulation about the security breach--and although authorities may have been conducting an investigation, the victims in this situation should have definitely been notified right away. It's also curious that it took the agency four months to realize their system was breached.

On a side note, I didn't realize how long -- or for what reason -- agencies keep information on expired licenses -- my family member had a real estate license for one year about 25 years ago.

 
At June 1, 2007 at 10:48 AM, Anonymous Anonymous said...

I would like to thank Representative Fritchey for informing everybody of the breach in security of IDFPR's secure website. I am a state licensed mortgage broker and I received my letter earlier this week. It is very scary indeed and everyone should contact the three major credit companies: Trans Union, Equifax and Experian and ask them to put a fraud alert on their report.

What future and current Cook County home owners should be more scared about is pending legislation called SB 1674 that, if passed, will create a predatory lending data base for EVERYONE getting a loan in Cook County. It is the same exact secure database that was breached in January.

If the bill passes, loan originators are mandated, by law, to enter the following information of everyone applying for a mortgage; name, address, social security number, birthday, income and expense info such as your credit card numbers and instalment loans.

As previously mentioned, this information will be entered into the same "secure" website that was breached in January. 300,000 names is enough!!! Why put everyone applying for a mortgage in Cook County at risk?

I urge everyone reading this to contact thier State Representative and State Senator ASAP and ask them to keep your private information private by voting no to SB 1674.

David Hochberg
President
Townstone Financial

 
At June 1, 2007 at 11:11 AM, Anonymous Anonymous said...

Open Memo to the Department of Financial and Professional Regulation:

I am one of the unlucky 300,000.

Your form letter of May 17 says, in part: "At present, there is no indication that the unauthorized access to the server resulted in the theft of your personal identifying information."

Yet, Rep. Fritchey reports: "Hofer said investigators have determined that the breach 'looks like criminal conduct.'"

So -- criminal or not? (Oh, good. Just what the aggrieved need right now: parsing by IDFPR over the signature of Director Dean Martinez.)

In any event -- may I RESPECTFULLY suggest that you get out of the business of using social security numbers as identifiers for licensees.

Several state universities have done this for their students. You can, too. Heck, the universities surely can provide you with the methodology (and perhaps even the software) they used to do it.

In the meantime -- thanks a bunch -- for nothing.

 
At June 1, 2007 at 11:01 PM, Anonymous Anonymous said...

John, this governor is terrible. I'd like to see you more vocal concerning Blago's ongoing corruption. Too much fluff in your blog. Take a chance, you can do better!!

 

Post a Comment

<< Home