The state issued a press release Thursday, March 29, disclosing that California’s Office of Technology Services notified the DCSS on March 12 that two contracted services — IBM and Iron Mountain Inc. — could not locate storage devices that were en route via FedEx from IBM’s Colorado facility to California.
According to The Sacramento Bee, the lost data involves less than one-fifth of the 4.3 million people in the 1.4 million cases the department.
“Because the devices are in a specialized format, we have no reason to believe, at this time, that the data have been accessed or utilized in any way,” said Kathleen Hrepich, DCSS interim director in the release. “Additionally this incident will have no impact on the processing of child support cases.”
DCSS confirmed on March 20 that the devices contained personal information of 800,000 parents, guardians and children — including names, addresses, Social Security numbers, driver’s license numbers, names of health insurance providers and employers. The DCSS mailed the notification letters to the impacted citizens on Thursday, March 29, the same day the press release went out, and has posted a file documenting the incident on its website.
The DCSS also notified credit reporting agencies and the state attorney general’s office about the incident.
The state recommends precautionary measures, including placing fraud alerts on credit cards, getting copies of credit reports and reviewing explanation of benefits statements they get from health insurers.