Another reason why gun permit lists can be a problem

[Skinny Shooter]

http://www.readingeagle.com/re/lead/1565097.asp

Gun owners become target for ID thieves
A company doing work for Berks County apparently leaves the personal information of county gun-permit holders including their Social Security numbers exposed on the Internet.
By Dan Kelly
Reading Eagle


At least two people, including an Internet user in China, accessed a supposedly confidential list of some of Berks County's 25,000 gun-permit holders, Sheriff Barry J. Jozwiak confirmed Thursday.

Jozwiak said the information included names, addresses and Social Security numbers.

He said he is investigating how a company that is developing a Web-based computer records program for his office exposed the information by neglecting to block Internet access.

County officials said they don't know how many names were exposed or for how long. They stressed there is no evidence that anyone did anything with the list but view it.

Jozwiak acknowledged that his staff provided a partial list of permit holders to county computer experts who forwarded it to Canon Technology Solutions, Conshohocken, Montgomery County, about a year ago.

Jozwiak said the program Canon is developing was intended for use only by his employees.

According to the sheriff, no one knows how many or which names were forwarded to Canon or how long they were exposed on the Web.

“I'm really mad about this,” he said.

Jozwiak said he is trying to determine whether his office or Canon should notify the permit holders of the security breach.

Canon officials were unavailable for comment.

The security breach came to light when an employee of a Silicon Valley software firm in alerted county officials Tuesday from California.

“It appears that your database of firearm owners is exposed over the Internet, releasing private information including full names, addresses and even SSNs (Social Security numbers) to the world,” Cameron Schmauch wrote in an e-mail to county computer personnel.

“Anyone can browse and search confidential information about registered gun owners and perhaps even add entries,” he wrote.

Schmauch was unavailable for comment.

A subsequent check of the site revealed that it also had automatically recorded being accessed by the Internet user in China.

With the information, particularly Social Security numbers, someone could steal another person's identity to buy merchandise or order credit cards, said a computer expert who asked not to be identified.

“You can do a lot more than that,” the expert said. “The Social Security number is a killer.”

The case marks the second time in as many weeks that personal information entrusted to the county has been compromised.

The county human resources department informed employees last week that laptop computers had been stolen from an insurance company and that personal information of both county and city employees might have been compromised.

In that case, county officials advised employees whose information might have been exposed to watch their personal accounts and credit ratings to determine if they had become victims of identity theft.

That case is also under investigation.

Contact reporter Dan Kelly at 610-371-5040 or dkelly@readingeagle