Risk Assessments/Management, Data Security, Breach, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Mass. secretary of state’s office accidentally releases sensitive data


The Massachusetts secretary of state's office earlier this year accidentally released the confidential personal information of state-registered investment advisers to a business publication.

How many victims? 139,000.

What type of personal information? Names, Social Security numbers, birth dates and locations, in addition to  height, weight, and hair and eye color.

Details: The information was on a CD-ROM sent to IA Week, an investment industry publication, in response to a request for public information. The publication originally asked the office's Securities Division, overseen by Secretary of State William Galvin, for a list of registered investment companies but was instead sent a list of individual investment professionals.

A new employee working in the division caused the error by failing to delete the Social Security numbers and other information, which is normally withheld. IA Week returned the CD-ROM in June with a letter stating it had not made any copies of the data.

Quote: “It's an unfortunate mistake,” said Brian McNiff, a spokesman for Galvin. “It obviously was not done according to [standard] practice.”

What was the response? The Securities Division currently is trying to determine whether it needs to notify affected individuals, since all data was recovered, and there is no reason to believe it was ever misused.

Source: boston.com, The Boston Globe, “State's error unveiled Social Security numbers,” July 6, 2010.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.