Data Leakage Prevention Software Minimizes Exposure of Health Records, PHI, and PII

NEW YORK and SEAL BEACH, CA – August 22, 2011 – Identity Finder, LLC (www.identityfinder.com), a global leader in identity theft prevention and data loss protection (DLP), discovered that a website exposed documents containing hundreds of individuals’ health information and database files containing approximately 300,000 names and social security numbers of California residents who applied for workers' compensation benefits.  Identity Finder notified the website’s owners, Southern California Medical-Legal Consultants, Inc. (SCMLC), of the breach on May 11, 2011 and SCMLC restricted access to all files within minutes of notification.

"Identity Finder is in a race against identity thieves," said Todd Feinman, CEO of Identity Finder. "If we don’t help companies discover exposed data, thieves will find them first and harvest social security numbers for illicit use or trade the knowledge of their existence so others can steal them."

The risk to victims’ is far lower than it could have been thanks to Identity Finder’s discovery and SCMLC’s remediation.  Recent trends show that when unethical hacking groups find personal information, they are now more commonly posting that information to the internet for everyone to see and potentially download for identity fraud.

Security researchers at Identity Finder discovered several gigabytes of .dbf, .xls, .cdx, and .pdf files containing confidential information by using the Identity Finder DLP enterprise software and manually searching internet search engines for common keywords. The files were neither encrypted nor password-protected and some were cached by at least one major search engine.  Identity Finder subsequently worked with Google to clear search engine caches and provided SCMLC with a comprehensive report generated by Identity Finder DLP software. SCMLC launched its own internal investigation and issued a press release.

Identity Finder analyzed the data using their sensitive data discovery software that automatically finds health records, social security numbers, and other types of confidential information.  It found that the data contained patients’ confidential health records and other personal details.  The largest cache of personally identifiable information included approximately 300,000 Social Security Numbers belonging to workers’ compensation benefits applicants.  A detailed analysis of the data was provided to SCMLC in the Identity Finder DLP Report and a summary of statistics is below:3,875 uncompressed files contained personally identifiable information
  • 311,778 unique Social Security Numbers
  • 33,146 non-unique Dates of Birth
  • 76,848 non-unique Phone Numbers
  • 39,669 non-unique Postal Addresses
"Businesses that store any sensitive information should be using DLP software to find and protect data-at-rest," said Feinman.  "By combining business processes with technology such as Identity Finder, companies can prevent or minimize data breaches."

About Identity Finder
The company’s technology provides users the ability to prevent identity theft and data leakage by searching and securing sensitive data that could be used to commit identity fraud. They have quickly grown to become a leader in identity protection and Data Loss Prevention (DLP) by helping millions of consumers, small businesses, and enterprises across the world.