Update: California lawmakers rip handling of data theft at university

Computerworld - Four members of the California state assembly are pressuring the state's Department of Social Services (DSS) to immediately improve its attempts to notify 1.4 million state residents that their personal information may have been stolen by hackers in August.
In a letter Wednesday to Kim Belshe, secretary of the state's Health and Human Services Agency, which oversees the DSS, the lawmakers were critical of the department's decision to "only issue a media advisory about the 'unauthorized access.' " The media advisory "is not the most effective way to communicate with the workers and affected elderly and disabled clients," the letter stated.
Instead, the legislators wrote, "we believe it is imperative and well worth the cost to individually inform every affected party so each client and worker can personally check and see if they have been a victim of identify theft."
Under a California privacy law that went into effect last year, businesses and public agencies are required to inform individuals when their names -- in combination with either their Social Security numbers, driver's license numbers or credit/debit card numbers with personal identification numbers -- have been accessed by an unauthorized person (see story).
Last week, the state announced the apparent security breach and warned affected state residents of the incident through a media advisory (see story). The personal data was being used with the department's consent by a researcher working at the University of California, Berkeley, in August when it was apparently infiltrated by hackers. The DSS is working with the FBI to investigate the case.
The incident involved a computer that contained personal information on about 1.4 million recipients and providers participating in DSS's In-Home Supportive Services (IHSS) program, which provides home care services to low-income elderly and disabled Californians. Names, addresses, telephone and Social Security numbers, and the birth dates of IHSS participants may have been stolen, according to the DSS.

"We respectfully request that you require the Department of Social Services to individually notify In-Home Supportive Services recipients and providers that the privacy of their personal information may have been compromised due to the breach of security suffered at UC-Berkeley," the letter stated.
Hans Hemann, chief of staff for assembly member Loni Hancock, said the DSS response of sending out a media advisory was "underwhelming."
"We believe that the efforts of the department have not reached a sufficient number of the IHSS clients so far," Hemann said. The media advisory was sent to about 500 newspapers, television and radio stations, he said, and the DSS set up