Indiana broke its own record for computer security breaches last month, when a server containing personal data on 700,000 people was stolen from the offices of Central Collection Bureau, a debt collection agency. The stolen data included names, personal billing information, last known addresses, and social security numbers of people who hold delinquent accounts with a variety of companies, including utilities and hospitals. The company said the server was behind “three locked doors” and “was protected by two passwords, but was not encrypted.”
A lot of the data is old and potentially of little value—one hospital says the accounts it passed to the agency were all at least three years old or older. On the other hand, a gas company said that because it only had last known addresses on the accounts it handed over, it actually had no way of contacting the victims to alert them to the theft.
The agency president told the IndyStar, “We’re obviously heartsick about this. We’ve been in business since 1972, and nothing like this has ever happened before.” Responses from companies who had passed their customers over to the agency, however, varied from taking it seriously to regretting any inconvenience. We suspect they’re not feeling too much concern for their non-paying clients.