Date Reported:
2/15/08

Organization:
Crossline Ministries of Carthage (MO)*

*"Crosslines is a food pantry and clothing bank for low-income families in the Carthage area." - Source: KOAM-TV 
"Crosslines has been working to help the less fortunate in Carthage for 23 years" - Source: The Carthage Press

Contractor/Consultant/Branch:
None

Victims:
Clients

Number Affected:
2,000

Types of Data:
Names, ages, and Social Security numbers

Breach Description:
The Crosslines Ministries of Carthage offices were burglarized sometime between 5PM Thursday and 8AM Friday, February 15th 2008.  Computer equipment and files containing sensitive personal information belonging to clients are missing.

Reference URL:
The Carthage Press online story
The Carthage Press online story (updated)
The Joplin Globe online story
KOAM-TV Channel 7 News story

Report Credit:
John Hacker, The Carthage Press

Response:
From the online sources cited above:

One of the largest aid agencies in Carthage was burglarized overnight Thursday night or Friday morning

(Carthage Police Detective Randee) Kaiser said among the items stolen were paper files containing names, addresses, social security numbers and other personal information of 2,000 individuals served by Crosslines.
[Evan] Why does Crosslines collect and store Social Security numbers?  I don't understand the need to give a Social Security number in order to donate or receive aid.  Nuts.

"They stole files, hard copies, a whole box of papers from the ministry," Kaiser said. "We can't say what else they took and we have no indication of why they took the box of papers in the first place or whether they knew what they were taking."
[Evan] There isn't any real value in paper (of this quantity), so it's a pretty good guess that the theives are interested in the information.

Kaiser recommended that anyone who has given personal information belonging to themselves or family members to Crosslines should take steps to avoid potential identity theft.

Kaiser said the burglar or burglars forced their way into the ministry.

Kaiser said with the files missing, Crosslines doesn't have any way to notify the people affected of the incident, which is why the police, in cooperation with Crosslines are reaching out to potential victims through the media.
[Evan] No backup information either, so Crosslines does not know who may be affected.

An emotional Belle Lown, director of Crosslines Ministries, vowed to continue helping people in and around Carthage despite the burglary

Lown said the person who broke into the building sometime late Thursday or early Friday seemed to know what he or she was looking for

Lown said whoever got into the building breached a fairly sophisticated security system to get in.

"We're beefing up security in the building," Lown said.

Lown said the burglar also got her computer system. The burglar also seemed to be looking for specific items in Crosslines' inventory of clothing, food, soap and toiletries, and other products.

Commentary:
This is a sad breach to read and write about.  I admire what Crosslines Ministries does and I feel for the people involved.  The person or persons responsible for this breach took this a little too low by stealing the personal information.  If the burglar(s) only took hardware, food, and clothing than this would be almost (ephasize almost) acceptable.

I am very curious to know why Crosslines needs to accept and store personal information, and I wonder what the options are for doing things in a better way.  If Crosslines MUST collect and store personal information, then obviously they should do so more securely.

Maybe there is an information security consultant (preferably local to Carthage, MO) out there that would like to donate some free service?  Crosslines can be reached at (417)358-1577

Past Breaches:
Unknown