COVID tests at California prisons linked to ‘potential breach’ of visitors personal data

CDCR did not say how many people were affected, but said there is no indication that the data — which could include Social Security numbers, driver’s license information and other information — had been misused


By Sam Stanton
The Sacramento Bee

SACRAMENTO, Calif. - California prison officials say a “potential breach” of its data systems may have compromised medical information for staff, visitors and others who were tested for COVID-19 by the state Department of Corrections and Rehabilitation between June 2020 and last January.

“The potential breach was discovered in early 2022, following routine maintenance on one of our information systems,” the department said in an announcement Monday. “The breach also potentially included other medical information for a portion of the incarcerated population going as far back as 2008, as well as some financial information.

A guard tower stands at Folsom State Prison in 2021. On Monday, Aug. 22, 2022, California prison officials announced a data breach of its systems that may have exposed personal information including Social Security numbers. (Photo by Xavier Mascareñas/MCT)
A guard tower stands at Folsom State Prison in 2021. On Monday, Aug. 22, 2022, California prison officials announced a data breach of its systems that may have exposed personal information including Social Security numbers. (Photo by Xavier Mascareñas/MCT) (Xavier Mascareñas/MCT)

“Following the discovery of the potential breach, department staff took immediate action, and suspended all of the affected systems. The department also notified authorities, and began a multi-agency investigation that concluded this summer.”

CDCR did not say how many people were affected, but said there is no indication that the data — which could include Social Security numbers, driver’s license information and other information — had been misused.

“At this time, it appears there is no sign of anyone accessing, copying or even looking at the information,” CDCR said. “However, the information in that file sharing system included medical information from everyone who received a COVID-19 test in the department from June 2020 through January 2022.

“For the incarcerated population in the Mental Health Service Delivery System, the information included their name, CDCR number, mental health treatment, mental health history, and mental health diagnosis. Additionally, information in the Trust, Restitution, Accounting, and Canteen System (TRACS) was also potentially involved. This information includes records of transactions made to and from trust accounts since 2008, as well as some trust account numbers.

“Information about people on parole who are in substance use disorder treatment programs may have also been involved. Some of the data included Social Security numbers, driver’s license numbers, and trust account information. However, the investigation did not reveal any evidence this information was copied or downloaded.”

CDCR set up toll-free phone numbers for anyone who may have been affected: Staffers and members of the public can call 888-661-2471 during business hours for more information, while current or former inmates can call 888-661-2467. The lines will be open for 90 days, CDCR said.

The department also set up a webpage offering additional information on when the data was exposed and how it was detected.

“The exact date is not known, but in January 2022, CDCR discovered some suspicious activity in a file transfer system dating back to December 2021,” the department said. “CDCR IT staff took immediate action, suspending the affected system. The department also notified authorities, and began a multi-agency investigation.

“In late June, that investigation revealed someone or something entered the system without permission. Fortunately, there was no sign that anyone looked at or copied your information.”

McClatchy-Tribune News Service

Request product info from top Jail Management Software companies

Thank You!

By submitting your information, you agree to be contacted by the selected vendor(s) and that the data you submit is exempt from Do Not Sell My Personal Information requests. View our Terms of Service and Privacy Policy.

Copyright © 2022 Corrections1. All rights reserved.