Risk Assessments/Management, Data Security, Breach, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

June Ohio data breach affects Minnesota county employees

Add 562 current or former employees of Ramsey County, Minn., to the list of victims of the June data breach that affected 1.3 million Ohio residents and hundreds of Connecticut state bank accounts.

The breach, which occurred when a data backup drive was stolen from the car of an Ohio state intern, also affects hundreds of public-sector employees in the St. Paul region, according to Ramsey County spokesman David Verhasselt.

“We were very disturbed to hear of this, especially for a project that ended six years ago,” he told SCMagazineUS.com today. “Our concern is for our employees, even though we've been told that the risk of extradition of data from this tape is low. Still, if this is your Social Security number, this isn't what you want to hear.”

The data, in the cases of all three affected groups, was contracted out to third-party management vendor Accenture.  

The company was under contract with Ramsey County to design a new payroll program and used a list of employees to run tests, according to a Saturday report in the Pioneer Press. The stolen files contained only Social Security numbers in the case of Ramsey County employees.

The county notified all current employees by email, and is scrambling to notify all affected personnel by U.S. mail, said Verhasselt.

Accenture has offered free identity theft services to the affected employees.

Accenture revised a statement on Friday to say that the company believes “this was the result of our policies inadvertently not being followed.”

“We will take all appropriate action, including completing a thorough review of the information provided to us by the state of Ohio, and will provide credit monitoring services to any affected individuals,” Accenture said in the statement. “Accenture takes its responsibility to safeguard our clients' data very seriously. We invest heavily in training our employees so they understand how to appropriately handle sensitive data, and we impress on them the importance of following our policies.”

An Accenture representative could not be immediately reached for comment.

Last week, Connecticut Attorney General Richard Blumenthal sued Accenture, accusing the Bermuda-based company of “illegal negligence, unauthorized use of state property and breach of contract” for its role in the data breach.

Blumenthal filed suit after Accenture officials notified state Comptroller Nancy Wyman that the confidential information of 58 state taxpayers, hundreds of state bank accounts and 54 purchasing cards were potentially exposed during the June breach.

Verhasselt said he is unaware of any plans to sue.

“Our county attorney's office has been consulted. I know of no plans to sue. I think we're just trying to keep track of what our responses are going to be,” he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.