The New Hampshire Dept. of Health and Human Services “inadvertently” exposed the personal and financial information of 9,300 of the states’ Medicare Part D participants.

State officials claim that the unidentified employee who “mistakenly” attached the information to an email did so “accidentally”, but other unnamed employees express jubilation that the incident qualifies the state for membership in STUPID, States That Undermine Personal Information Defense.

“Earlier membership carries greater honor,” the mole said. “We really were concerned that we would miss the December 31 deadline for 2008 STUPID membership and get left out entirely like Arkansas, Delaware and Wyoming.”

Forty-seven states have now met the criteria by placing their residents at risk of financial, personal, criminal and medical identity theft; no new members will be admitted to STUPID after this year. Instead, member states will vie for honors according to a points system based on the overall number of data breaches, the number of residents exposed and the number of risk categories the data breaches fulfilled. Special honors will be awarded to states whose employees initiate the STUPIDest data breaches.

STUPID Club officers have previously expressed frustration with finalizing the point system structure. Member states delayed the finalization because of a proposal that laptop loss or theft would carry no points. Laptop Information Loss, LIL, will no longer add to the total point tally.

“The officers felt that LIL had become so commonplace that it no longer carried an honor,” a STUPID Club officer said, “and after looking at the data, our member states agreed.”