Michigan union employees' data exposed

Share this article:

The personal information of more than 1,000 public employees of Wayne County, Mich., was exposed when a spreadsheet containing their data was inadvertently attached to an email blast.

How many victims? Approximately 1,300.

What type of personal information? Names, employee ID numbers, Social Security numbers, birth dates, addresses and other information.

What happened? An email blast regarding health insurance from the county's department of personnel/human resources was sent out on Friday with a spreadsheet inadvertently attached. The blast was sent to union members of the American Federation of State, County and Municipal Employees (AFSCME) Locals 25, 101, 409 and 1659.

What was the response? Livia Calderoni, director/HR benefits administration division, sent out a letter (on the letterhead of Wayne County Executive Robert Ficano) on March 19 to the affected union members explaining that the spreadsheet containing the personal information was intended only to be used internally to gather email addresses and not meant to be included in the blast.

She explained in the letter that the office then took four steps: recalled the email message through Outlook; the office's technology staff then confirmed that most of the external emails were blocked from being sent out; a follow-up email was sent out to the original intended recipients notifying them of the error and advising them to delete the email; and identity-theft insurance and monitioring services for all affected employees was put in place retroactive to the date the information was released in error.

In her letter, she stated that the office is reviewing its privacy policies and procedures to make certain that this type of data compromise does not occur again in the future. Further, she advised those affected to contact the credit bureaus – TransUnion, Equifax and Experian – to place a fraud alert on credit reports.

Details: Brooke Blackwell, press secretary to Wayne County Executive Robert Ficano, released a statement to local TV station 7 Action News, explaining that a union employee in the county's personnel department inadvertently sent an email to union employees that contained personal information. The message intended to inform some 1,230 AFSCME members of an open enrollment period for health benefits. In addition to the steps being taken noted above, the state of Michigan attorney general's office was notified owing to HIPAA guidelines.

Quote: "If you know of anyone who forwarded or printed out the personal data contained in the file, we ask that you please report this to our office immediately," Livia Calderoni, director/HR benefits administration, Wayne County, Mich., wrote to county employees.

Authorities said the person responsible for the incident would not be disciplined as it was an honest mistake.

Source: 7 Action News, "Wayne Co. sends out email blast containing names and Social Security numbers," last updated March 21, 2012
Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Fate of unencrypted drive unknown, PHI of 5,500 in Virginia at risk

A Virginia-based chiropractic center is not quite sure what happened to an unencrypted thumb drive, which contained personal information - including Social Security numbers - on more than 5,500 patients.

Iowa State server breach exposes SSNs of nearly 30,000

The breach impacts Iowa State students where were enrolled at the university between 1995 and 2012.

Three laptops stolen from New York podiatry office, 6,475 at risk

Nearly 6,500 patients of New York-based Sims and Associates Podiatry may have had personal information compromised after three laptops were stolen.