Four storage disks containing personal information of around 800,000 individuals, which belong to California’s Department of Child Support Services, have been lost in transit during a disater recovery test excercise.
The disks were being transported from an IBM’s business continuity facility facility in Boulder, Colorado to a storage unit operated by Iron Mountain in California. According to Iron Mountain, the disks were being transported by a third-party shipping company.
"On March 12, 2012, the Department of Child Support Services (DCSS) was notified by California’s Office of Technology Services (OTech) that contracted service providers, International Business Machines (IBM) and Iron Mountain, Inc. could not locate several specialized storage devices," the department revealed in a statement.
"It was confirmed on March 20 that the devices contained personal information," the statement explained. "Since then we have been working to identify the individuals who are possibly affected by this incident. Our primary
goal has been to notify everyone as quickly as possible. Letters were mailed to all impacted parties on March 29, 2012."
Documents stored on the disks included names, addresses, social security numbers, drivers license numbers and health insurance plan ID numbers. A spokesperson for the department told the Associated Press that the devices cannot be read with conventional computing equipment.
The department’s statement included detailed information on how individuals who think they may have been affected can protect their identities.
IBM was involved in a similar data breach exactly a year ago. In March 2011, the IT giant misplaced drives holding the records of 1.9 million health insurance policy holders, that it held on behalf of insurer Health Net.
In 2003, IBM won an $800 million contract to supply the department with its Child Support Enforcement system. The system will allowed "authorised state child support professionals to track and locate parents who are not making child support payments required by law and will enable more efficient collection and distribution of support payment", it said at the time.
Information Age has been unable to reach IBM for comment.
The state of California has had a law the requires any organisation that suffers a data breach to inform the affected individuals since 2003.