US health care company faces giant class action suit for losing over 4,000,000 unencrypted records
Back in July 2013, four computers were stolen from a large health care provider in Illinois, USA.
At first blush, it doesn't sound like "Crime of the Century," but according to reports, those missing computers have become a huge thorn in the side of Illinois-based Advocate Health Care.
That's because the computers contained Personally Identifiable Information (PII) of patients going right back to the 1990s - four million of them, in fact.
The computers were password protected, whatever that means, but the data on their hard disks was not encrypted.
In theory, then, if you were to put the hard disks into another computer, or boot the "protected" computers from a CD or USB key, you would almost certainly be able to copy off any or all of those four million records.
The stolen data is said to have contained at least names, addresses, dates of birth and Social Security numbers (SSNs).
SSNs are the closest thing that the US has to a national identity number, giving them an influence in identity and identification that they don't really deserve.
With your address, date of birth and SSN, an identity crook has a pretty good shot at committing fraud in your name.
So, Advocate has apparently already been hit with the expense (and hassle) of contacting the affected patients, and of offering them a year of free credit monitoring.