Charities tighten data after thefts
Identity theft hadn’t really been a worry for the Society of St. Vincent De Paul in St. Petersburg.
The Catholic charity provides shelter and serves food for the area’s needy, feeding between 600 and 900 homeless people a day.
Federal regulations require keeping records on clients, including their Social Security numbers and dates of birth. That data is shared among local social service providers, in part to prevent fraud.
But when a homeless man who had eaten a meal at one of the St. Vincent De Paul facilities learned he had been the victim of tax fraud identity theft, alarm bells sounded, said Michael Raposa, executive director.
Raposa said he learned authorities were investigating a multimillion identity theft tax fraud ring in the area. Working with investigators, Raposa realized that hundreds of people at local charity organizations had access to a database with personal information of tens of thousands of the region’s needy population — an attractive trove for identity thieves.
As the investigation progressed, it turned out that the database had not been the source of the homeless man’s identity theft, Raposa said. But the incident was a wake-up call.
Raposa said he talked to the database administrators. “We immediately locked it down,” he said.
Today, only a few people have access to full Social Security numbers in the database, which now displays only the last four digits to most users.
Rick Taveras, special agent supervisor for the Florida Department of Law Enforcement, said the St. Vincent De Paul experience is “a good example of a company recognizing that they need to do better and then going on and actually make the changes necessary to do better.”
Taveras said the charity database also was changed to allow tracking of who gains access to personal information.
“We need to make sure were going to all lengths to protect that data, especially for the vulnerable,” Raposa said.