300K exposed in California data breach

Identity theft prevention service provider Identity Finder reportedly discovered that a website exposed documents containing hundreds of individuals’ health information and database files containing approximately 300,000 names and Social Security numbers of California residents who applied for workers' compensation benefits.

Identity Finder notified the website’s owners, Southern California Medical-Legal Consultants (SCMLC) of the breach in May, and SCMLC restricted access to all files within minutes of notification, according to Identity Finder of New York City.

Security researchers at Identity Finder discovered several gigabytes of .dbf, .xls, .cdx and .pdf files containing confidential information. According to the firm, the files were neither encrypted nor password-protected, and some were cached by at least one search engine.

Identity Finder subsequently worked with Google to clear search engine caches and provided SCMLC with a report.

SCMLC launched an internal investigation and issued a statement on June 11 announcing that the electronic files containing names and social security numbers of individuals had been exposed to unauthorized access.

“The information was stored on a computer that was intended for internal purposes only, and not linked to or accessible from any of the company’s public web pages,” according to a statement from Long Beach, Calif.-based SCMLC. “The data security firm has assured SCMLC that they have not and will not distribute any of the information they accessed and that their purpose in accessing the files was the prevention of identity theft.”

Identity Finder found the data contained patients’ confidential health records and other personal details. The largest cache of personally identifiable information included approximately 300,000 Social Security numbers belonging to workers’ compensation beneficiary applicants.

The Identity Finder DLP report included a summary of statistics such as:
  • 311,778 unique Social Security numbers;
  • 33,146 non-unique dates of birth;
  • 76,848 non-unique phone numbers; and
  • 39,669 non-unique Postal Addresses

As of press time, SCMLC had not returned a call for comment.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.