Fla. agency puts Social Security numbers on Web
TALLAHASSEE (AP) – A state agency accidentally put the Social Security numbers of about 250,000 job seekers on the Internet for 19 days in October before another agency noticed the security breach, officials said Thursday.
Data on customers aided by the Agency for Workforce Innovation’s One-Stop Career Centers between January 2002 and November 2007 was placed on a test server, where people searching the Internet might have been able to find it.
“We are thoroughly investigating this matter and are making every effort to enhance the security of our computer systems,” said agency director Monesia T. Brown.
No one has been disciplined as yet and investigators are trying to determine exactly what happened, said agency spokesman Robby Cunningham.
The problem occurred when agency staffers used the information to test the server, a computer device, they thought was connected only to the agency’s in-house system, not realizing it also was linked to the Internet, Cunningham said.
The Department of Revenue discovered the breach Oct. 28, Brown said. She said the data was immediately removed and major Internet search engines and providers were notified to make sure it didn’t wind up elsewhere on the Web. Law enforcement authorities also were called.
Brown said she had no reason to believe personal information has been accessed for unlawful purposes.
“It was never posted on a Web site,” Cunningham said. He said someone, though, could have stumbled across it while doing an Internet search.
The agency handles labor-related functions for the state and its Career Centers help people find jobs and employers find workers.
Affected customers are being notified.
“We started sending out the letters at the beginning of this week,” Brown said. “We’re sending them out by the thousands because we obviously want to make sure that we get that information out as quickly as possible.”
People also can determine if their information was included in the breach through an agency Web site: www.floridajobs.org/security/.
The agency will respond to those who type in their names and last four digits of their Social Security numbers “to verify whether they were included and captured in that list or not,” Brown said.
The state attorney general’s office is advising those who have been affected to review credit and debit card statements and monitor all transactions. Any unauthorized activity should be reported to the credit card company or bank.
Cunningham said the Revenue Department and a Washington, D.C., civil liberties advocacy group called the Liberty Coalition are the only entities or people the agency knows of that accessed the data.
Liberty Coalition spokesman Aaron Titus called the breach “sheer stupidity.”
“Everyone knows you don’t do this,” Titus said. “There are simple things you can do to prevent this.”