More than 20 years worth of personal and investigative Sheriff's Department records from Mesa County, Colo. were inadvertently posted online, where they remained for several months.
How many victims? As many as 200,000.
What type of personal information? Secure law enforcement files that included the names of confidential informants, emails about crime victims and homicide investigations. In addition, the files included the names, Social Security numbers and addresses of current and former sheriff's office employees, along with the names of employees' spouses, children and schools the children attend.
What happened? An employee in the county's information technology department in April loaded the files onto what he believed was an encrypted county server while working on a project to integrate law enforcement computer databases.
The information was instead posted to a county URL that was not password protected. Authorities have determined that the data was accessed by someone outside the country in late October. The data was also accessed multiple times from local, national and international computers.
The site was taken down on Nov. 24, after an individual found their name mentioned in the files while searching the internet and notified authorities.
Quote: “My flush reaction is it's obviously a cyber disaster,” said former Sheriff Riecke Claussen. “I think that obviously with the type of information that the sheriff's office deals with, that security of information is of top concern.”
Details: The employee responsible for the breach, whose name hasn't been released, is no longer working for the county. Authorities are still determining the extent of the breach and do not know how many people obtained the information or how much of it remains online on other sites.
What was the response? County administrators are working to notify affected individuals.
Source: GJSentinel.com, Grand Junction Daily Sentinel, “Breach could put people at risk,” Dec. 3, 2010.