What to do after a data breach
Vandals who ransacked a state office in Sacramento in February stole 12 government computers and briefly had access to the personal health records of 582,000 people, the state Department of Developmental Services disclosed on Friday.
The group also had access to personal information regarding 15,000 state employees, contractors, job applicants and the parents of minors enrolled into the department's programs. The department oversees state centers and regional nonprofits that serve Californians with developmental disabilities, such as cerebral palsy, epilepsy and autism.
It is the second data breach the state has announced in recent months. In February, officials said Social Security numbers and other personal information of state employees and contractors at the Department of Fish and Wildlife may have been compromised in December.
State officials do not believe that the vandals in the DDS breach have misused personal data they might have seen during the Feb. 11 break-in. It published a press release eight weeks after the incident "out of an abundance of caution."
It's also mailing letters to people whose personal information might have been compromised. The letters include guidance on how to set up fraud alerts with credit reporting agencies.
The department said in its news release that an unidentified group of people broke into its Sacramento legal and audits office, where they ransacked files and started a fire. The fire triggered the office's sprinkler system, which in turn damaged paper documents.
The department does not have evidence suggesting that the thieves took paper documents with them. The computers they stole are encrypted, and the department cybersecurity checks have shown that no one has inappropriately accessed its computer network.