by Martin H. Bosworth

August 24, 2007
The last thing you want to worry about when enjoying your golden years is the possibility of identity theft or fraud, but two data breaches this week have left thousands of pensioners and retirees in that exact position.

A laptop containing data on 280,000 New York City retirees was stolen from a consultant to the city's Financial Information Services Agency (FISA) on August 23. The unidentified consultant reported that the laptop was stolen when he brought it to a Korean restaurant at roughly 8:20 pm, and could not confirm that the data was encrypted.

The consultant was employed by CGI AMS, a Canadian information and technology services company hired by the city to evaluate the city's pension payments system.

City Comptroller William Thompson, who oversees the city's pension payroll, said he was "outraged" by the theft and that CGI AMS should foot the bill for notifying and protecting any affected city retirees.

"Our pensioners should not be victimized by an absence of judgment by this consultant," Thompson said in a statement. "Providing these credit protection measures, no matter what the cost, will give our pensioners the peace of mind they deserve that we are employing all means possible to protect their assets."

FISA also said it was conducting an internal investigation of the incident, and police are currently looking for the suspected thief.

CalPERS' Calamity

A day earlier, officials at the California Public Employees' Retirement System (CalPERS) announced that they had mistakenly published the Social Security numbers of 445,000 state retirees on brochures announcing an upcoming election. Some of the brochures contained full numbers, others only partial numbers.

The breach occured when the printer accidentally added the numbers to the brochures' address boxes, even though the printing system had alerts designed to detect and prevent publication of Social Security numbers.

CalPERS' spokepersons said the breach is causing them to perform a thorough top-to-bottom review of their security procedures to prevent another occurrence, but has not said it would provide credit protection to any affected individuals.

CalPERS also downplayed the incident, saying that the numbers could not be easily identified, making them harder to use.

Accidental printings of Social Security numbers have become a frequent cause of data breaches in recent months. In January 2007, Wisconsin's Department of Revenue accidentally printed up tax forms with visible Social Security numbers on the front page for 17,000 citizens.

It was later revealed that the printing agency and the Department of Revenue tried to keep the breach quiet, but went public after angry residents contacted the media about the incident.

And in November 2006, a printing contractor hired by Chicago's school system accidentally sent out personal information on 1,740 employees, mistaking them for health care providers. The information included names, addresses, and Social Security numbers, any combination of which could easily be used by thieves to steal someone's identity or gain access to their finances.