Sensitive personal information on 2.9 million Georgia residents is at risk after a company lost a CD that contained the details.

It is at least the third such blunder in less than a week and raises serious doubts about the measures private companies and public officials take to safeguard individuals from identity theft.

The CD lost by Affiliated Computer Systems (ACS), which was hired to handle the information, contained full names, addresses, birth dates, social security numbers and member identification for recipients of Medicaid and other medical programs, according to an advisory (PDF) (http://dch.georgia.gov/vgn/images/portal/cit_1210/19/38/80010015Public_Notice-Missing_Personal_Data.pdf) from the Georgia Department of Community Health (DCH). The department said it has called on ACS to notify all those affected and assist them in monitoring their credit reports.

But the DCH's assurances amount to little more than chasing the stallion after it's bolted the barn. And it begs the question why it hadn't taken steps to ensure the information was encrypted in the first place.

The same goes for administrators at the Chicago Public Schools (CPS), which didn't take similar common-sense precautions with a laptop containing the names and social security numbers of 40,000 teachers. (The notebook was swiped (http://www.theregister.com/2007/04/09/chicago-teachers_security_breach/) from the CPS's headquarters on Friday.) Or for that matter, why officials at the University of California, San Francisco, didn't do more to protect 46,000 people whose personal information may may have been stolen (http://www.theregister.com/2007/04/04/ucsf_computer_security_alert/) last week.

Those concerned about the DCH goof can ask questions by calling +1-866-213-3969. ®

Related stories

Hitachi ships Travelstar 7K200 encrypted hard drive (7 June 2007)
http://www.channelregister.co.uk/2007/06/07/hitachi_travelstar_7k200_encrypted_hard_drive/
M&S in ID theft flap over stolen laptop (9 May 2007)
http://www.theregister.co.uk/2007/05/09/printing_security_flap/
TSA: We're not saying our hard drive is gone but... (7 May 2007)
http://www.theregister.co.uk/2007/05/07/tsa_loses_hard_drive/
Feds urge tougher ID theft laws (24 April 2007)
http://www.theregister.co.uk/2007/04/24/id_theft_plan/
Laptop thefts expose 40,000 Chicago teachers (9 April 2007)
http://www.theregister.co.uk/2007/04/09/chicago-teachers_security_breach/
UCSF computer security breach affects 46,000 (maybe) (4 April 2007)
http://www.theregister.co.uk/2007/04/04/ucsf_computer_security_alert/
Seagate ships hardware-encrypted notebook drives (4 April 2007)
http://www.theregister.co.uk/2007/04/04/seagate_hardware_encrypted_notebook_drives/
TJX lost up to 45.6m card numbers (29 March 2007)
http://www.theregister.co.uk/2007/03/29/tjx_credit-card_debacle/
Hospital laptop theft sparks concerns (28 March 2007)
http://www.theregister.co.uk/2007/03/28/hospital_laptop_theft/
Six individuals suspected of using stolen TJX data (21 March 2007)
http://www.theregister.co.uk/2007/03/21/tjx_info_arrests/
Laptop losses and phishing fruit salad (20 February 2007)
http://www.theregister.co.uk/2007/02/20/online_risk_assessment/
Nationwide fined £980,000 over stolen laptop (14 February 2007)
http://www.theregister.co.uk/2007/02/14/nationawide_fined/
ID theft fears as VA loses another hard disc (7 February 2007)
http://www.theregister.co.uk/2007/02/07/va_disc_loss_security_flap/
Fraud linked to TJX data heist spreads (29 January 2007)
http://www.theregister.co.uk/2007/01/29/tjx_data_fraud/