The Biggest Data Breach of 2014 Threatens Kids

Published

May 31, 2018

Christine DiGangi is the former Deputy Managing Editor - Engagement for Credit.com and covered a variety of personal finance topics. Her writing has been featured on USA Today, MSN, Yahoo! Finance and The New York Times International Weekly, among other outlets.

While 2013 rounded out the year with some pretty astounding data breaches (i.e. Target and Neiman Marcus), 2014 is already chock full of more compromised information. And the biggest breach of the year so far is due to a government error.

The personal information of more than 48,000 North Carolina children was compromised when their Medicaid cards were mistakenly sent to the wrong addresses. A statement from the North Carolina Department of Health and Human Services attributed the error to a program that was supposed to generate a mailing list from the database of eligible children, but it pulled the wrong names and addresses.

As of Jan. 21, it was the largest data breach so far in 2014, according to the Identity Theft Resource Center. (There have been 30 breaches reported thus far, adding up to nearly 100,000 affected consumers.) The cards list the child’s name, date of birth, Medicaid identification number and primary care physician. The department is reissuing cards to those affected by the error, and they will also receive new Medicaid ID numbers. Compromised numbers have been flagged, and the department has directed those who mistakenly received cards to destroy them immediately, either with a shredder or by cutting them into small pieces.

Not only was this a violation of HIPAA (Health Insurance Portability and Accountability Act of 1996, which protects patient information), the incident has raised concern of identity theft among families of the children affected. Social Security numbers weren’t revealed in the breach, but there’s a possibility personal information can help fraudsters obtain more sensitive data that would allow them to create accounts in the person’s name. Children typically do not have credit reports unless someone has established a credit history in their name — and if a child does have a credit report, it may be a sign that someone has used their information to commit fraud. The clean-slate financial history of a child can be tempting to identity thieves, and such fraud may go undetected until years later when the child reaches adulthood and tries to apply for credit in his or her own name.

“I’ve said it before, but this is an epidemic,” says Adam Levin, co-founder and chairman of Credit.com and IdentityTheft 911. “People make mistakes, but these mistakes can have a lasting impact. The kids involved in this breach might not know if they’ve become victims for years and by then it will be too late.”

Parents can check with the three major credit reporting agencies to see if their children do have credit reports (again, keep in mind, they likely won’t), and to make sure no one has hijacked their identities. Each credit reporting agency requires parents to fill out special paperwork to request a child’s credit report, so it’s important to check with each one on their process. (If you’re worried about your own identity, you can monitor your credit scores for free using the Credit Report Card, a tool that updates two of your credit scores monthly. Any unanticipated and sudden change in your scores could signal possible identity theft.)

As far as Medicaid misuse, the department said it will issue statements of account activity to parents of or adults responsible for children whose IDs were caught up in the mess.