Housing wait list posted online contained personal data

Share this article:

A spreadsheet posted online contained sensitive information on nearly 1,000 clients of Pierce County Housing Authority in Washington.

How many victims? 979.

What type of personal information? Names and Social Security numbers were among the information that was posted.

What happened? A spreadsheet containing sensitive information on nearly 1,000 people on the Section 8 housing wait list was posted publicly on the Pierce County Housing Authority website. An investigation is ongoing, but it appears that a former employee may have had a hand in accidentally posting the file.

What was the response? Upon discovery, the housing authority's Florida web team was contacted and the website was shut down for two hours to remove the file. Pierce County Housing Authority is sending letters to all potentially affected clients. The agency is offering classes for clients on what protective actions to take, but regrets it is unable to provide free credit reports due to the high costs involved.

Details: An applicant on the wait list discovered the list on the Pierce County Housing Authority website sometime between Sept. 2 and Sept. 6 and alerted the agency, which immediately worked to take the file down. An investigation is ongoing to determine how long the file was posted and who accessed it, as well as how the file ended up online. A former employee, whose departure has nothing to do with the breach, may be responsible for the file not being encrypted or password protected.

Quote: “It's very disturbing as you can imagine,” said Karen Hull, the Pierce County Housing Authority executive director. “Originally we were waiting for the data people to come back with an answer and unfortunately that didn't happen.”

Source: komonews.com, KOMO News, “Breach leaves nearly 1,000 at housing authority at risk for fraud,” Sept. 10, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.