Roughly 1 million blood donors in Missouri and Illinois were warned by the Red Cross last week that personal data on them could have been stolen earlier this year by a former employee and used in identity theft, Computerworld.com reports.
Lonnetta Shanell Medcalf had access to 8,000 blood donors in a database, all of whom were notified. However, the article states that after those warnings were sent out, the Red Cross expanded the scope of identity theft warnings to all 1 million donors because it was concerned that she possibly accessed other records.
The warnings were made through the media and the agency’s website, but the Red Cross didn’t send individual letters.
Four known cases of identity theft occurred among the original 8,000 in the donor database, according to Jim Williams, a spokesman for the regional agency.
The article states the theft occurred when Medcalf, then a blood-drive recruiter, entered random numbers of past donors into the database, then accessed names, Social Security numbers, phone numbers and birth dates of potential victims. She then allegedly opened credit card accounts at several stores using the stolen information and made purchases of more than $1,000.
The Red Cross has since changed the database software to limit access to Social Security numbers, Williams told Computerworld. Only names, phone numbers and birth dates are accessible by blood-drive recruiters, and the agency is working to further improve data security.
Medcalf was indicted on three felony counts of aggravated identity theft and one count of credit card fraud.
For more on identity theft, read Five Ways to Fight ID Theft.
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.
Compiled by Paul Kerstein