The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
While tight with the purse strings when it comes to public employees and a self-proclaimed advocate for small business (though very well-funded by big business), apparently the Walker administration does support full employment for at least one group of workers who clearly don’t rely upon collective bargaining: identity thieves.
Last week, the Wisconsin Department of Revenue revealed that it had accidentally made public 110,795 Social Security numbers and tax ID numbers of Wisconsin residents. The numbers were mistakenly embedded in a real estate report and posted to the department’s website for almost three months before being removed.
There are some very disturbing trends here. First, the Walker administration doesn’t seem to have any concept of what it’s talking about when it comes to identity theft. Walker’s appointee, Revenue Secretary Rick Chandler, clearly missed the boat when he said in a prepared statement: “We know the individuals who downloaded this file are using it for their own business purposes and have no malicious intent…”
[Credit Check Tool: Monitor your credit score and activity for free with Credit.com]
The second disturbing thing about this data breach is that it demonstrates the government of the Great State of Wisconsin is continuing its grand tradition of negligence when it comes to protecting the personal identifying information of its citizenry. This is the fourth time since 2006 that Wisconsin state agencies have been involved in the public release of Social Security numbers.
Three of those breaches involved the Revenue Department. In 2006, a private contractor working for the department mailed 171,000 tax booklets with taxpayers’ Social Security numbers printed right on the front. That’s a goof significant enough to make an identity thief fall to his knees and praise the Lord. While the state managed to intercept 54,500 of the botched booklets at post offices, that mishap still cost taxpayers $500,000 to cover one year’s worth of credit monitoring services for victims of the breach.
[Related Article: Hello Citizens United, Goodbye CFPB: Consequences of the Wisconsin Recall]
Apparently, the department still didn’t learn its lesson. In January 2008, it mailed 5,000 tax forms with taxpayers’ Social Security numbers clearly visible through the envelope windows. Department executives tried to weasel their way out of responsibility by blaming the breach on the machine that folded the forms, instead of taking a hard look at the humans who ran the folding machine, or the humans in charge of reviewing the work of the humans who ran the machine that folded the forms. (And you thought that disasters only came in threes?) That same month, the Wisconsin Department of Health and Family Services had a FUBAR of its own, when a private contractor mailed 260,000 booklets to Medicaid recipients in the state with their Social Security numbers printed right on the front.
One reason this happened is that unlike its neighbors, Wisconsin still uses Social Security numbers as Medicaid ID numbers. Wisconsin Rep. Marlin Schneider, known by the catchy nickname “Snarlin’ Marlin,” called that practice “stupid.” I couldn’t have said it better.
So, for those keeping score, here’s how to tell that the identity theft problem in Wisconsin isn’t getting any better.
The previous breaches either involved third-party vendors for the state, or a relatively small number of Social Security numbers leaked by the state itself. But this latest debacle was a whopper: Over 100,000 Social Security numbers have been potentially exposed to any fellow, well-intentioned or not, with a laptop or a smart phone. And it was committed by the Walker administration itself, not by some third-party operator in Plano, Texas.
Even after hundreds of thousands of innocent “Cheeseheads” have been exposed to identity theft and all manner of financial crimes; even after the state has spent (or will spend) more than $1 million on credit monitoring for victims (which doesn’t really help anyway, since all the thieves have to do is wait a year plus one day to begin their wild spending sprees using the purloined Socials); Scott Walker’s appointee had the audacity to imply that he believes the people of Wisconsin are safe.
[Related Article: 5 Stupid Things You’re Doing to Ruin Your Credit]
I have a few suggestions for Mr. Walker that might help to make things right. Firing Secretary Chandler would be a good place to start. (I think you can do that immediately Governor, as I don’t believe he is a member of the Civil Service.) He very clearly doesn’t appreciate the importance of data security, or even how it works, and though I’m sure he’s a nice guy, this is a weakness the citizens of Wisconsin cannot afford in that position. It would send an unequivocal message to the rest of Wisconsin’s department heads that taxpayers’ private data is of paramount importance, and must remain private. These data breaches must end.
Second, like most states, Wisconsin clearly needs tighter rules and procedures regarding protections for citizens’ personally identifiable information (PII).
Governor, you have become a political icon for “right thinking” Americans, but when it comes to data security, your administration has to think smart and do what is right. Data like citizens’ names, addresses, birthdates and Social Security numbers, functions like keys to the locks of the economy, opening doors to bank accounts, credit cards, car loans, mortgages, personal loans and all sorts of medical and criminal exposure. Sending that data through the mail, effectively embossed on the front of envelopes, or releasing it into cyberspace for all the world to see is like giving a drunk the keys to your Chevy and wishing them a safe trip home.
Finally, sir, I have a proposition. Because Wisconsin agencies have demonstrated a disturbing penchant for “billboarding” the PII of your citizenry several times over the past few years, it seems that it’s time for you to get some help. There are plenty of companies out there that can help you evaluate the integrity of the Wisconsin Department of Revenue’s security protocols and help you develop and implement a data breach preparedness and response program. Full disclosure, I own a company that does this kind of work and I’d be willing to give you two weeks of consulting for free just to get you moving on this. However, even if you choose to decline my offer, I urge you to retain a qualified organization to thoroughly investigate the security systems and protocols in place throughout your government agencies. The citizens of Wisconsin deserve no less.
[Featured Products: Research and compare Identity theft protection plans at Credit.com]
This is an Op/Ed contribution to Credit.com and does not necessarily reflect the views of the company.
Image: Jason Riedy, via Flickr
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams