Almost 2 million Michigan residents had their names and Social Security numbers potentially exposed due to when a software update went awry opening the information to outsiders.
How many victims? 1.87 million
What type of information? Names, Social Security numbers and wage information, but not birthdates, addresses or phone numbers. Those affected are all Michigan state employees.
What happened? The information was exposed and unprotected from October 10, 2016 until January 30, 2017 when the error was found and quickly fixed. The incident occurred when a scheduled software update that took place in October that was performed by a third-party vendor opened to the data to authorized users of the Michigan Data Automated System. Data these people were not authorized to view.
What was the response? The state is in the process of informing all those affected and is working with the Michigan State Police Cyber Command Center to investigate the incident. The state does not believe the exposed data has been accessed or used for any malicious purpose.
Quote: “Data security is a top priority for the state of Michigan,” said DTMB Director and State CIO David Behen. “We will work with our third party vendors and our state team to review our processes and procedures to avoid incidents like this in the future.”