A former San Francisco city employee breached the confidential data of nearly 2,500 Medi-Cal recipients in an effort to make a case defending the “poor performance” that led to her dismissal.
The client data, which includes Social Security numbers and other sensitive personal data, was sent to her own home PC, and was also exposed to her attorneys and union representatives.
Given the reason for breaching the data, and the limited audience with which the information was allegedly shared, it seems highly unlikely that any of the client information will be used for identity theft or any other nefarious purposes. However, that doesn’t change the fact that the data should not be exposed or compromised.
The fired worker ostensibly had a legitimate business purpose for accessing the data in question. The incident illustrates, though, that organizations need better monitoring and filters in place to control what happens with that data, and where it is allowed to be sent or saved, even when it is accessed by an authorized individual. Obviously, some workers will need access to sensitive information, and organizations need tools to prevent that data from going any further or being shared with or exposed to unauthorized individuals.