Data breach hits local residents
SALINAS » With the disclosure late Thursday that roughly 4,200 Monterey County residents’ personal information, including Social Security numbers, may have been compromised by a breach into the computer network of a nonprofit group, questions remain about why it took well over a month for the county and affected residents to be notified.
Oakland-based Seneca Family of Agencies operates the Kinship Center on River Road in Salinas, which provides mental health services to area youth, foster care adoption, parent education and caregiver support.
Seneca said in a statement on its website that it discovered that the breach occurred between Aug. 25 and Aug. 27. But Monterey County wasn’t notified until Oct. 13, said Shibaanee Sumeshwar, the privacy officer for the Monterey County Health Department.
“They did take their sweet time,” she said. “They had to hold everything, freeze everything so that took some time.”
In the Seneca statement, the nonprofit emphasized that there is no evidence that there was actual or attempted misuse of the information, and it is “in an abundance of caution” that it is notifying everyone whose information might have been compromised.
Contacted by phone Friday morning, Seneca chief executive Leticia Galyean was measured in her response to questions, declining to address the reasons behind the length of time between discovery and notification..
She would identify the perpetrator only as an “outside unauthorized individual” and that the investigation was turned over to law enforcement. She wouldn’t say whether the individual was known to the nonprofit. The gap between the dates could be due to Seneca conducting a full investigation that would include forensic investigation of the servers, a timeconsuming ordeal.
“As soon as we found out we went about identifying impacted individuals,” she said. “We were victimized by a cyber attack — we
are not immune to that.”
Indeed, no one is. The El Cajon-based Identity Theft Research Center reports the number of data breaches so far this year has already surpassed the total number in 2020 by 17%. This could be a record-breaking year for data compromises, the research center reported.
The type of information breached varies by individual, but Seneca said it includes names and one or more of the following data: date of birth, Social Security number, address, phone number, email address, medical record number, treatment or diagnosis information, health insurance information, Medicare/Medicaid number, provider name, prescription information, driver’s license/state identification number, and digital signature.
“Upon discovering this incident, we reset account passwords and implemented additional security measures to further protect information,” Galyean said.
In addition to the Kinship Center in Salinas, Seneca oversees providers in Southern and Northern California and Washington. It has centers in nearly all Bay Area counties.
Seneca is providing potentially impacted individuals with access to credit monitoring and identity protection services as an added precaution. Any questions about this incident or how to enroll in the credit monitoring and identity protection services can be directed to 855-675-2841, Monday through Friday, except holidays, from 6 a.m. to 6 p.m. Pacific Time.
The nonprofit recommends potentially compromised people remain vigilant against identity theft and fraud by reviewing credit reports and account statements for suspicious activity. Under U.S. law, people are entitled to one free credit report annually from each of the three major credit reporting bureaus: TransUnion, Experian and Equifax. Information on ordering credit reports is available at www.annualcreditreport.com or by calling 1-877322-8228.