Michigan union employees' data exposed

Share this article:

The personal information of more than 1,000 public employees of Wayne County, Mich., was exposed when a spreadsheet containing their data was inadvertently attached to an email blast.

How many victims? Approximately 1,300.

What type of personal information? Names, employee ID numbers, Social Security numbers, birth dates, addresses and other information.

What happened? An email blast regarding health insurance from the county's department of personnel/human resources was sent out on Friday with a spreadsheet inadvertently attached. The blast was sent to union members of the American Federation of State, County and Municipal Employees (AFSCME) Locals 25, 101, 409 and 1659.

What was the response? Livia Calderoni, director/HR benefits administration division, sent out a letter (on the letterhead of Wayne County Executive Robert Ficano) on March 19 to the affected union members explaining that the spreadsheet containing the personal information was intended only to be used internally to gather email addresses and not meant to be included in the blast.

She explained in the letter that the office then took four steps: recalled the email message through Outlook; the office's technology staff then confirmed that most of the external emails were blocked from being sent out; a follow-up email was sent out to the original intended recipients notifying them of the error and advising them to delete the email; and identity-theft insurance and monitioring services for all affected employees was put in place retroactive to the date the information was released in error.

In her letter, she stated that the office is reviewing its privacy policies and procedures to make certain that this type of data compromise does not occur again in the future. Further, she advised those affected to contact the credit bureaus – TransUnion, Equifax and Experian – to place a fraud alert on credit reports.

Details: Brooke Blackwell, press secretary to Wayne County Executive Robert Ficano, released a statement to local TV station 7 Action News, explaining that a union employee in the county's personnel department inadvertently sent an email to union employees that contained personal information. The message intended to inform some 1,230 AFSCME members of an open enrollment period for health benefits. In addition to the steps being taken noted above, the state of Michigan attorney general's office was notified owing to HIPAA guidelines.

Quote: "If you know of anyone who forwarded or printed out the personal data contained in the file, we ask that you please report this to our office immediately," Livia Calderoni, director/HR benefits administration, Wayne County, Mich., wrote to county employees.

Authorities said the person responsible for the incident would not be disciplined as it was an honest mistake.

Source: 7 Action News, "Wayne Co. sends out email blast containing names and Social Security numbers," last updated March 21, 2012
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.