Mass. DVMs included in identity-theft scare

BOSTON — Veterinarians in Massachusetts were snared in the latest identity-theft scare involving some 450,000 licensed professionals.

Tips for protection

Despite their career differences, veterinarians, hairdressers, athletic trainers and more than two dozen other licensed professionals can be lumped into the same demographic: potential identify-theft victims.

Social Security numbers (SSNs) were mistakenly released by the Massachusetts Division of Professional Licensure (DPL) while processing almost 30 routine public-information requests.

Those professionals licensed by the DPL and Division of Health Professions Licensure (DHPL) had personal information downloaded by mistake onto 28 computer disks and sent to multiple organizations nationwide in early September.

All the disks were recovered and there were no reports of illegal use of SSNs from the professionals affected, says Kofi Jones, spokeswoman for the state Executive Office of Housing and Economic Development, DPL's overseeing agency.

The organizations say the error will not recur. "We are taking action to ensure this doesn't happen again in this administration. We're pleased to report all the disks have been returned to DPL and we have been able to significantly reduce any risk to the licensees," says Jones, who did not return calls to confirm the number of state veterinarians directly impacted.

The 29 professions were victims of "a programming error and the upgrading of computer hardware and software" that "inadvertently" and "erroneously" included the SSNs with public information, says George K. Weber, DPL director, in an October letter to affected licensees. The mistake was noticed a week after the mailings by a DPL employee, Jones says.

"As soon as we realized the error was made, we immediately contacted all recipients and requested they return the information unused. They promptly complied. We have no reason to believe any of the information was even accessed," she says.

But licensees remain concerned and have inquired about the situation through an office-arranged hotline.

"We've received a number of phone calls and e-mails from concerned licensees with questions about the safety of their information, and we've responded quickly," Jones says.

Despite assurances that the situation was quickly contained, at least one veterinarian remains outraged.

"Having something like this go out in market data is a colossal mistake. It is a violation of public trust," says John De Jong, DVM, Massachusetts practice owner and president of the New England Veterinary Medical Association. "I wouldn't think the government would go about giving out Social Security numbers to companies. Something is fundamentally wrong with that."

DPL and Jones's office remain steadfast that they are taking all needed action to protect licensees. "Everyone who returned the disks stated that he or she did not retain any information from these disks," Weber says. The division is also working to collect certifications from all disk recipients stating they did not copy or download any disk information, or if they did, it has since been deleted. According to the letter, 20 certifications had been obtained.

The agencies sought the information for marketing. "None of the individuals who received the disks indicated they were even aware the disks contained Social Security information," Weber says.

But that may not be enough for De Jong. "It is out there. Who knows where it can go from here?" he asks. "We all hear about it, any American citizen hears about it all the time. I know of some people it [identity theft] has happened to, and when you hear their stories, it is quite frightening."

An information-security firm is reviwing DPL's current practices and will create new protocols for handling sensitive information, Jones says.