SACRAMENTO – The 260,000 state employees whose financial information was accessed by a computer hacker will get help making sure their credit ratings aren’t affected, Gov. Gray Davis said.
The state set up toll-free lines to credit bureaus, and will offer employee workshops, informational mailings, and a video on how to avoid identity theft, Davis said Wednesday.
The moves come a day before a Senate panel holds a hearing on why it took weeks for the employees to be told a hacker accessed a computer system containing their personal financial information.
“We think it’s just a beginning. There’s a lot more to be done here,” said Perry Kenny, president of the California State Employees Association.
The state data center had the computer software patch that would have prevented a security breach, but hadn’t installed it, officials with the state controller’s office said Wednesday.
The April 5 security breach at the Steven P. Teale Data Center may have exposed personal identity information, including Social Security numbers, of state employees.
The agency had installed a security update on one computer that housed state employee payroll deduction information, but not the other, the controller’s office said Wednesday.
Had the patch been installed, “that attack would not have been successful,” said Dave Dawson, a spokesman for the controller’s office.
The Department of Consumer Affairs’ Office of Privacy Protection set up phone lines Wednesday solely for state employees to call the nation’s three major credit bureaus. Employees are being urged to place fraud alerts on their accounts to protect against the unauthorized issuance of new credit, and to order credit reports they can check for signs of identity theft.
Within a few days, employees will be mailed letters with the toll-free numbers, instructions on how to read credit reports, how fraud alerts work, and other privacy protection tips.
The Office of Privacy Protection will schedule privacy workshops for Sacramento employees, and distribute a video of the workshop to employees elsewhere in the state.
Kenny said his organization is requesting that employees additionally not be penalized if they use state time to check their credit reports, that the state pay for reports, and that the state cover any losses traced to the computer breech.
“I am extremely concerned,” said Doris Lavenberg, a technician at the California Lottery’s Santa Ana office who thwarted an improper address change on a credit card bill Friday. She worries identity thieves were using information from the state’s computer, because “I’ve never had this happen before in my life.”
Sgt. James Lewis, spokesman for the Sacramento Valley High Tech Task Force that is handling the investigation, said no state employees’ identity thefts have been traced to the computer breech, leading investigators to hope the information hasn’t been used. The database included employees’ last names, first and middle initials, Social Security numbers and payroll deduction information.
The state’s privacy office, the nation’s first, was created by legislation authored by Sen. Steve Peace, D-El Cajon, whose Senate Committee on Privacy plans a hearing Thursday into the hacking.
Peace said his committee wants to know how a hacker or hackers could break into the state database, why it wasn’t discovered until May 7, and why employees weren’t notified until May 24.