Font Size: 
Lawyers' Personal Info Swiped in Burglary of Nonprofit
The Recorder
December 03, 2008
Identity theft was on the mind of many of California's appellate lawyers Monday as word spread about the mid-November theft of a disk containing attorneys' names, Social Security numbers and other personal information from a Sacramento-based nonprofit law firm.
In a letter that arrived in most law offices just before the Thanksgiving holiday, the Central California Appellate Program -- which supplies lawyers for indigent appeals in Sacramento's 3rd District Court of Appeal and Fresno's 5th -- advised current and former panel members that the disk was in a safe stolen from an off-site storage facility on Nov. 15 or 16.
The backup data disk, which was password protected, contained not only the names and Social Security numbers of attorneys who receive appellate work through CCAP, but also federal tax identification numbers, addresses, telephone numbers and e-mail addresses.
"A report has been filed with the police and CCAP is fully cooperating in their investigation," CCAP Assistant Director Gary McCurdy wrote in the two-page letter dated Nov. 21. "To date, we have not received any reports of identity theft relating to this incident."
It wasn't clear on Monday how many attorneys could be affected, and the CCAP Web site gives no indication of the number of lawyers who work with the program. Neither McCurdy nor CCAP Executive Director George Bond returned calls seeking comment on Monday.
Attorneys contacted Monday said that while the news upset some CCAP panelists, most took it in stride and didn't blame the agency.
"I subscribe personally to a service provided by American Express that keeps me apprised of any change in my credit," said San Francisco solo Grace Suarez. "[CCAP officials] were doing the best they could."
Berkeley solo Wesley Van Winkle, who said he hasn't worked with CCAP for at least eight years, wasn't overly concerned either, even though his personal information conceivably was on the missing disk, too.
"There's probably a million and one ways someone can get your Social Security number," he said, adding that virtually every credit card or bank card these days is protected by passwords or other security methods.
"Anybody who gave out information or set up a new credit card account in my name," Van Winkle said, "would need more than my name and Social Security number to do it."
He also defended CCAP, saying the agency was victimized by a crime.
"It's not like somebody kind of wandered onto their site on the Internet and downloaded this stuff," he said. "It was on a disk in a safe off site."
In his letter, McCurdy said the disk's theft seemed incidental, saying the robbers took several resalable items, including computer equipment and the safe in which the disk was kept.
He nonetheless suggested attorneys contact a credit monitoring agency for their own protection.
McCurdy also announced that CCAP has taken steps to restructure its backup storage process.
"Backups for data storage and disaster recovery," he wrote, "will now be maintained at a secure, vaulted and encrypted off-site data center, through a fully automated and encrypted process."
St. Helena solo Gordon Brownell, who handles criminal appeals, said he and some others were surprised that the stolen disk wasn't encrypted in the first place.
The theft "has upset a number of panel attorneys," he said. "But I'm not aware of any specific action that people have been taking other than that a number of attorneys are following the suggestion in the letter to sign up for some kind of identity protection program."
The most annoying aspect for some attorneys was CCAP's decision to advise members through regular mail. McCurdy's letter was dated five days after the burglary and arrived in most law offices at the beginning of a short Thanksgiving work week.
"That should have gone out in an e-mail right away," Suarez said.
