Security

Ohi-D'oh! US prison hands inmates' SSNs over to... an identity thief

Convicted fraudster says he was given personal details in records requests

By Shaun Nichols in San Francisco

6 SHARE

Prison authorities in Ohio, US, mistakenly provided the social security numbers of thousands of inmates to a man convicted of identity theft.

The Mansfield News Journal says it was directly contacted by Lonny Bristow, who said he was sent the social security numbers of more than 2,000 prisoners when he made a public records request for inmate rosters at the Chillicothe Correctional Institution.

Bristow, whose past convictions included identity theft, making bomb threats, and telephone harassment, was supplied with an unredacted copy of the roster, which included, in addition to SSNs, each inmate's name, date of birth, Bureau of Criminal ID number, release date, and housing assignment.

The former inmate, who served time in state and federal prisons, told the paper he immediately sought to go to the press with the information for fear he would face criminal charges for possessing the numbers.

"I knew I had to turn it into the media," Bristow was quoted as saying. "I actually am truly done with the criminal life. Life's too short. I could've used those Social Security numbers to open a credit card account but I didn't."

The Ohio Department of Rehabilitation and Corrections did not return a Reg request for comment on the matter, but the News Journal reports the department is investigating and is looking to provide identity monitoring services for the inmates.

Ohio is not alone in making embarrassing errors of this sort. In 2013, a clerical foul-up at the UK's Ministry of Justice was blamed when the personal details of the inmate population of a Welsh prison were inadvertently sent out in a mailer to three families. ®

Sign up to our NewsletterGet IT in your inbox daily

6 Comments

More from The Register

NSO Group bloke charged with $50m theft of government malware

Alleged unethical behavior from a grey hat? Who'd a thunk it?

Chinese hotel chain warns of massive customer data theft

130 million could be impacted by Huazhu Group hack

Cisco sneaks hardcoded secret root backdoor into vid surveillance kit

Who watches the watchers? Anybody who has the login

Snail mail thieves feed international identity theft rings say Oz cops

A little bit of social engineering, a little bit of lax physical security and a whole lot of pain

Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

Bod accused of masterminding malware attacks on banks around the world

ID theft in UK hits record high as crooks shift to more vulnerable targets

Less checked online services bear brunt

Security bods liberate EITest malware slaves

Miscreants' command and control network traffic sent down sinkhole

Brit police forces spend peanuts on cybercrime training

£1.3m over three years? Get with the times, plod

Malware targeting cash machines fetches top dollar on dark web

Demand massively outstrips supply, researchers find

Hackers abusing digital certs smuggle malware past security scanners

No longer just a spy game