Original URL: http://www.theregister.co.uk/2009/02/09/kaiser_security_breach/

Kaiser Permanente breach leads to ID theft

Workers notified after police cuff suspect

By John Leyden

Posted in Security, 9th February 2009 22:05 GMT

Kaiser Permanente has admitted a breach of its employee records systems has resulted in incidents of identity theft.

The breach came to light after police arrested an unnamed suspect, found in possession of a computer file containing personal details of the US health care provider. The file contained information such as employee name, address, phone number, Social Security number, and date of birth. No Kaiser Permanente member data or health records were involved.

The suspect caught with the human resource information was not employed by Kaiser, the firm said. Indications therefore point to an attack by external hackers, although the involvement of a corrupt insider with external crooks remains a possibility.

In a statement, Kaiser Permanente said the breach affected workers in northern California, who are being notified of the breach. The firm has launched an internal investigation into the cause of the breach, which remains unclear.

Kaiser is offering a year's free credit monitoring to the 29,500 employees hit by the security lapse. The firm has pledged to improve its security systems to guard against further breaches. ®