Security and transparency
By Congressman Joe Pitts
Shortly before Christmas, during the midst of the busy shopping season, hackers stole 40 million credit card numbers from Target. The same hack yielded 70 million records for customers’ phone numbers, e-mail addresses, and home addresses. High-end department store chain Neiman Marcus got hit by a similar attack. Some of their customers reported fraudulent charges on their cards.
Identity theft is a huge and growing problem. According to the Department of Justice, more than 16 million Americans were hit with identity theft in 2012. Financial losses totaled more than $24 billion in that year.
The vast majority of victims find out that their identity has been compromised because a financial institution has informed them. If a consumer doesn’t get informed promptly, the damage can be significant. Half of people who took more than six months to get their identity theft cleared up reported facing severe emotional distress.
Perhaps the worst part of identity theft is that the victim usually wasn’t doing anything risky. In 2014, almost everyone uses a debt or credit card at the cash register.
This year, Americans are for the first time required by law to have health insurance. To meet the requirements of Obamacare, that has to be a government-approved plan. Whether you sign up for a plan through a navigator, or on the phone, or by paper, the application is entered onto the website. Tens of millions of Americans, even if they didn’t buy a plan, submitted personal information to Healthcare.gov and other state sites.
With all these problems, there are tremendous concerns that the sites lack proper security controls. Shortly before the website went live, one federal official refused to sign the security statement believing that there was a great risk of endangering personal information.
Even systems thought to be secure face new and exotic attacks. A relatively new system full of glitches and sloppy fixes is even more at risk. At the beginning of the year, I introduced legislation to require the government to alert individuals if their personal information has been stolen or inadvertently disclosed. Whenever there is a breach, the Department of Health and Human Services would have two business days to alert consumers.
This bill passed the House with overwhelming support from both Republicans and Democrats. With 291 yes votes, the bill had a veto-proof majority.
The House followed this up the next week by passing a bill introduced by my colleague Rep. Lee Terry (R-NE) that would require the government to give weekly reports of basic information about the website. This would include information on problems and glitches facing website users. This bill also passed with 33 Democrats supporting it.
The American people have a right to know what is going on with Healthcare.gov and other exchange websites. Security and transparency have to be priorities when personal information is being stored in government databases.