Highly sensitive info could have been used for fraud

Jun 4, 2015 09:32 GMT  ·  By

Patient information belonging to thousands was found in boxes thrown in a dumpster bin in Richmond, Kentucky, after someone cleared an abandoned storage unit.

The storage unit is managed by AAA Rent-A-Space and had been abandoned since July 2011, but its contents remained untouched until a new customer rented the space recently.

Data was properly sealed

The employee that emptied the unit did not look inside the boxes and simply took them to the trash. In total, there were 65 boxes with medical records from a radiology facility that shut down in the early 2000s.

According to ABC 36 News, Carl Swanger, the man who found the sensitive content, took it to Baptist Health hospital nearby, believing that the data came from there. Upon inspecting the files, the hospital realized that the data had been collected by Richmond Radiology.

Apart from patient information, such as full names, birth dates and probably addresses, the data available in the documents included social security numbers and credit card numbers.

The boxes had not been opened as they were properly taped up and secured, indicating that the risk of having been exposed to malicious actors is virtually non-existent. More than this, the hospital said that someone probably wouldn’t have known what was in the boxes without taking a look inside.

Baptist Health said that they would keep all the records and try to find the owner of Richmond Radiology to destroy them in an appropriate manner, which would be shredding them.

Exposed SSNs can be used for fraudulent activity

Social security numbers (SSNs) combined with addresses can be used for filing fraudulent tax return forms. This illegal business has taken wings in the past years, with fraudsters requesting millions of dollars in refunds from the Internal Revenue Service (IRS).

Criminals are often working with individuals in a position to obtain such data from different organizations collecting and storing it, such as banks and even government institutions.

Back in April, a report emerged about a prison guard that used inmates’ names and SSNs specifically for the purpose of getting illegal refunds from the IRS in their name. For three years, he was able to get $356,000 / €327,000 in illegal tax returns.

More recently a former IRS employee pleaded guilty to filing more than 356 false tax returns, which brought her $326,000 / €290,000.

However, this is not the only risk victims whose SSN is stolen are exposed to, as crooks can also apply for bank credit in their name.