The Salt Lake County, Utah mayor’s office has sent out approximately 14,000 notification letters to those whose data was exposed in an incident involving workers’ compensation and other damage claims submitted to the County.
How many victims? Approximately 14,000 notification letters have been sent out.
What type of personal information? Names, addresses, Social Security numbers and limited medical information.
What happened? A software services company hired by Salt Lake County improperly set one or more security settings during a scheduled upgrade, and information submitted in connection with workers’ compensation or other damage claims may have been accessible on the internet.
What was the response? All proper security settings were restored. Affected individuals are being notified, and offered a free year of credit monitoring services.
Details: It appears that one individual accessed the files. That individual is cooperating with law enforcement, and law enforcement said he is no longer in possession of the information and the information has not been misused. Salt Lake County learned of the incident on Sept. 9, and all proper security settings were restored on that date. The software services company improperly set one or more security settings on June 18.
Quote: “We want to assure you that we are taking steps to help prevent this type of incident from happening in the future, including ensuring that vendors hired by Salt Lake County have adequate security oversight procedures,” a notification letter signed by Salt Lake County Mayor Ben McAdams said.
Source: An email correspondence with a Salt Lake County spokesperson; doj.nh.gov, “Data Security Incident,” Oct. 9.