Breach, Data Security, Incident Response, TDR

Employee at Maryland state agency posts client information online

The personal information of clients of the Maryland Department of Human Resources (DHR) recently was posted on a third-party website, where it remained for nearly three months.

How many victims? 3,000.

What type of personal information? Social Security numbers and other unspecified personal information.

What happened? The information was posted by an employee of the Maryland DHR, a state agency that provides benefits, such as food stamps and other aid, to clients. The employee has since been placed on administrative leave and could face disciplinary action.

The breach was discovered by staff of the Liberty Coalition, a nonprofit that promotes individual freedoms. The group's privacy director, Aaron Titus, said the information was posted from April 27 to July 14.

Staff members at Liberty Coalition tried to notify DHR officials about the breach on July 9 but were unsuccessful until July 12. The data was taken down on July 14.

Details: There currently is no evidence that the information was used for identity theft.

Quote: "We take the privacy of the data that's entrusted to us very seriously," said DHR spokeswoman Nancy Lineman.

What was the response? An investigation into the incident was initiated. Affected individuals are being notified and offered a one-year subscription for credit monitoring services.

Source:, The Baltimore Sun, “State employee posts nearly 3,000 SSNs online,” July 19, 2010.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.