What happened? The credit card and checking account information of 1,200 people who had enrolled in the youth recreation programs of Encinitas, Calif. was posted on the city’s website for about three months.
Waiver documents containing the names, ages and addresses of children participating in the programs in 2001, 2002 and 2003 were also exposed.
Details: The data was in a public folder on the website for about three months and was removed immediately after they were reported on June 26.
No one from outside the city opened the folder, according to Jace Schwarm, city risk manager.
What was the response? The city sent notices to all victims, encouraging them to review accounts for suspicious activity and place fraud alerts on accounts.
Quotes: “We absolutely have taken steps,” said Schwarm. “We have notified all the departments when scanning any kind of documents to beware of confidential data.”
“Let’s say the mother is a battered spouse and is in hiding, or if the parent is a cop,” said Beth Givens of the Privacy Rights Clearinghouse. “For a variety of reasons, there are lots of individuals who need to keep their home addresses private.”
For help: The city has set up a phone line for inquiries about the breach: (760) 633-2788.
Source: North County Times, July 12, “Confidential data revealed on Encinitas’ website”