The Department of Health Care Services is apologizing for putting social security numbers on the front of envelopes sent to recipients, right above the person's name and address, exposing them to potential identity theft.
The state claims they're doing everything they legally can to minimize the impact on those affected, but many seniors and their advocates say that's not good enough.
There was already a lot of anxiety among those who depend on Adult Day Care Services thanks to proposed budget cuts. Now, add fear from a mistake by the state that exposes an already vulnerable population to potential fraud.
"My daughter and I were kind of horrified," Adult Day Care Services client Elaine Matson told ABC7.
Matson was just one of 100 clients at the Mt. Diablo Adult Day Care Center who received a letter from the State Department of Health Care Service, warning of possible program cuts. That was scary enough for those clients, but then the envelope the letter came in had the recipient's full social security number printed right above their name and address for all the world to see.
"I don't know how they're going to straighten this out because it's almost too late," Matson said. "Those numbers are already out there floating around."
State officials say the letters went out to 49,000 people, mostly frail and elderly.
"At this time, we are not aware of unauthorized use of this information," said Karen Johnson at the California Department of Health Care Services.
Debbie Toth is the executive director of the Mt. Diablo Center, part of a larger group of agencies that has filed a lawsuit to stop the state from cutting services to thousands of current recipients.
"I didn't understand why the letter was sent in the first place, considering we're in the middle of a lawsuit right now," she said.
The state claims they had to send the letters to warn of possible changes, regardless of the lawsuit. As for the social security numbers, health services says they have corrected the problem.
"Further, we are asking and advising them to contact the three credit reporting agencies, so that they can put a fraud alert on their account," said Johnson.
"I can't navigate through calling all the credit bureau agencies and dealing with that," Toth said. "But, we're going to ask somebody completely frail, elderly, maybe memory-impaired, someone with a stroke who has difficulty speaking, to call and talk to all these folks?"
49-year-old Ramon Evaristo had a stroke. He cannot call the credit bureaus, but has a clear opinion about what happened.
He says, "It's illegal."
Advocates for the elderly and disabled say it is the state that should be calling the credit bureaus on behalf of each and every individual whose information was exposed. But, one state official told ABC7 Tuesday that that would further compound the original mistake. The state will not and cannot contact credit bureaus directly on behalf of individuals, due to privacy laws.
Health Care Services spokesman Norman Williams says his agency is working on a plan to provide credit monitoring for those individuals who had their private information exposed. Williams said the three major credit agencies would actively monitor the credit accounts and records of those affected for a period of time, perhaps a year.
This is a service they will offer directly to the beneficiaries, who would then contact the credit bureaus themselves and either be offered or ask for the monitoring, but the state will pay for it.
"This helps prevent fraudulent activity by those who may try to use the social security numbers to commit fraud or identity theft," Williams said.
Once the state completes its investigation of the incident, according to Williams, it will determine how the cost of this service will be shared between the state and its vendors. Letters will go out by the end of the week notifying beneficiaries about the service.