“We are comforted to know definitively now that, as we suspected, very few clients had any of their personal information shared,” said Debra Minott, secretary of the FSSA. “Still, if one client’s information is unnecessarily disclosed, that’s one too many. We have received assurances from RCR that the appropriate steps have been taken to correct the original programming error and prevent anything like this from happening again. We will continue to scrutinize their performance very closely.”
FSSA will notify all of the clients of the findings of the report. It will send a letter to clients whose information was breached to let them know they will receive credit monitoring through RCR. FSSA will also send a letter to the vast majority of clients who were determined not to have been impacted by the breach to reassure them their information was not disclosed to anyone else. Lastly, FSSA will send letters to its clients who RCR identified as receiving other clients’ information with specific instructions on how to return the materials to FSSA if they are still in possession of it.
State officials say Indiana Governor Mike Pence and FSSA have directed RCR to put a corrective action plan in place that includes additional design and code reviews as well as increased performance testing.