Housing wait list posted online contained personal data

Share this article:

A spreadsheet posted online contained sensitive information on nearly 1,000 clients of Pierce County Housing Authority in Washington.

How many victims? 979.

What type of personal information? Names and Social Security numbers were among the information that was posted.

What happened? A spreadsheet containing sensitive information on nearly 1,000 people on the Section 8 housing wait list was posted publicly on the Pierce County Housing Authority website. An investigation is ongoing, but it appears that a former employee may have had a hand in accidentally posting the file.

What was the response? Upon discovery, the housing authority's Florida web team was contacted and the website was shut down for two hours to remove the file. Pierce County Housing Authority is sending letters to all potentially affected clients. The agency is offering classes for clients on what protective actions to take, but regrets it is unable to provide free credit reports due to the high costs involved.

Details: An applicant on the wait list discovered the list on the Pierce County Housing Authority website sometime between Sept. 2 and Sept. 6 and alerted the agency, which immediately worked to take the file down. An investigation is ongoing to determine how long the file was posted and who accessed it, as well as how the file ended up online. A former employee, whose departure has nothing to do with the breach, may be responsible for the file not being encrypted or password protected.

Quote: “It's very disturbing as you can imagine,” said Karen Hull, the Pierce County Housing Authority executive director. “Originally we were waiting for the data people to come back with an answer and unfortunately that didn't happen.”

Source: komonews.com, KOMO News, “Breach leaves nearly 1,000 at housing authority at risk for fraud,” Sept. 10, 2013.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Laptop stolen from Self Regional Healthcare contained patient data

As least 500 patients of Self Regional Healthcare have been notified that their personal information was on a laptop stolen from a Self Regional facility.

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.