Information on more than 2,000 individuals – including Social Security numbers – leaked outside a secure network because, since 2008, two employees with the Iowa Department of Human Services (DHS) used personal online accounts and storage devices to maintain the data, which goes against department policy.
How many victims? 2,042.
What type of personal information? Names, addresses, Social Security numbers, state identification numbers, dates of birth, health information and incident information.
What happened? Two employees with the DHS used personal email accounts, online storage accounts and electronic devices for work, thus causing personal information to be leaked outside the DHS secure network.
What was the response? A DHS supervisor reported the issue and the department began an investigation. DHS is blocking access to online file storage sites, providing updated materials to staff on IT policy and procedures, and is continuing to require annual cyber training. All impacted individuals are being notified and offered free credit monitoring services.
“Appropriate personnel action was taken,” according to a release.
Details: Through the investigation, which began on Jan. 17, DHS learned that the incidents began occurring in 2008. The compromised information related to Polk County social work assessments.
Quote: “There are no reports that any of the information was misused before it was deleted,” Pat Penning, service area manager for the region, said in a release.
Source: dhs.state.ia.us, “Investigation Leads to Notification of Data Breach,” March 7, 2014.