The personal information of Delaware state retirees was included in a request for proposal (RFP) that made its way onto the state’s website for five days before it was discovered and removed.
How many victims? 22,000.
What type of personal information? Social Security numbers, genders and dates of birth.
What happened? The RFP, which contained sensitive state retirees’ information, was prepared by Aon, a consulting company that provides services to the state of Delaware for health and benefit programs. Aon prepared the document for the state to solicit bids from insurance companies interested in providing vision benefits to state employees and retirees. The RFP was posted to the procurement section of the state website to allow interested bidders access to the proposal document.
State staff discovered and removed the document five days after it was posted.
Details: The document did not include retiree names or current state employee information.
What was the response? Letters are being sent to affected individuals who will be offered one year of free credit monitoring.
Source: http://www.newarkpostonline.com/, Newark (Del.) Post, “State employee retirees’ Social Security numbers posted on website by vendor,” Aug. 30, 2010.