Pasadena child welfare agency warns of data breach affecting clients, staff

PASADENA >> A Pasadena child welfare agency has warned that of a computer security breach that may have exposed the personal information of nearly 1,000 clients and staff members.
Hillsides, 940 Avenue 64, announced the data breach Wednesday. It was first discovered Dec. 8, when Hillsides officials learned that an employee had sent unencrypted files to a personal, non-Hillsides affiliated email address on five occasions between Oct. 10, 2014, and Oct. 19, 2015, Hillsides representatives said in a written statement.
The information sent contained names, social security numbers, home addresses and phone numbers for 468 Hillsides staff members, as well as names, birthdates, genders, medical identification numbers, therapists’ names and rehabilitative therapists’ names of 502 Hillsides clients.
The employee has since been terminated for violation of company policy, officials saiad.
“To date, the agency has been unable to recover the data files from (the employee’s) personal email account or verify whether the files have been deleted,” according to the statement.
“While Hillsides has no evidence that any of the personal information has been further disclosed or misused in any manner, they have provided notice of the incidents to individuals whose information was contained in the files so that they can take any precautions they feel are appropriate or necessary.”
Those who has received a letter from Hillsides notifying them their information may be at risk are encouraged to consider contacting the three major credit bureaus — Eperian, Transunion and Equifax — to review account statements and monitor free credit reports.
“We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us,“ Hillsides CEO Joseph M. Costa said.. “We will continue to investigate the incident, to reduce harm to potentially affected individuals, and to protect against future similar occurrences.”
The investigation has not resulted in a criminal case, Costa said Wednesday.
Hillsides does not call or email anyone requesting personal information, and anyone receiving an unsolicited call or email purporting to be from Hillsides should not provide any personal information, officials said.
“The agency is working with its legal counsel to ensure all appropriate steps and notifications are being followed,” according to the statement. “They are also implementing an employee re-training program to reduce the risk of future occurrences and improve its internal security awareness procedures.”
Affected clients and employees are also invited to contact Hillsides with questions. Privacy Officer Tony Aikins can be reached via telephone at 323-543-2800 from 8:30 a.m. to 4:30 p.,. Mondays through Fridays, via email at taikins@hillsides.org or by addressing a letter to Hillsides Support Services, attention “Privacy Questions” at 815 Colorado Blvd., Suite 100, Los Angeles, CA 90041.

Facebook Twitter Reddit Tumblr Linkedin Email