State officials on Friday began notifying 465,000 Georgians that they might be at risk of identity theft because of a government security breach detected in April.
Joyce Goldberg, spokeswoman for the Georgia Technology Authority, emphasized that officials had no evidence that any personal data had been used for fraudulent purposes. But she said officials are alerting 244,000 motorists and 221,000 retired teachers, state employees, school employees and others who participated in the state Health Benefits Plan in 2002 that a former GTA employee downloaded their personal information to his home computers.
Goldberg said that officials believe the breach occurred in 2002, though it wasn't detected until April. That's when another GTA employee questioned why programmer Asif Siddiqui was logged in after hours to a data system in which he was no longer supposed to be working.
Siddiqui, a native of Pakistan who had worked at the GTA for four years, was fired April 29 and arrested on felony charges of computer trespassing and theft. No trial date has been set. His lawyer has said Siddiqui did nothing wrong and was authorized to access the files.
Officials say they have yet to determine why Siddiqui wanted the information or why it appears not to have been used in three years.
Goldberg said officials nevertheless are urging people whose files were accessed to guard against identity theft by monitoring their bank accounts, credit card statements and credit bureau reports and placing fraud alerts on their accounts.
The first 10,000 letters went out Friday, and all the potential victims should be notified by sometime in November, Goldberg said.
"In the letters, we certainly do express regret for any inconvenience," she said. "We know how people feel about giving personal information to the government and we know we have a special obligation to protect that information."
The GTA is the agency responsible for operating and maintaining most of the state government's computer and telephone systems.
Goldberg said investigators seized three computers from Siddiqui's home in Acworth, as well as his work laptop computer, and spent the summer analyzing about 1.5 million computer files.
That's how they determined that Siddiqui had accessed the names, birth dates and driver's license numbers of about 244,000 motorists, she said.
Some Social Security numbers have been accessed if people kept them as their driver's license numbers, Goldberg said.
The information that was downloaded on participants in the insurance plan included names, addresses and Social Security numbers, as well as similar information on the participants' dependents, Goldberg said. No personal health information or financial data were accessed, she said.
Attorney Ed Garland, who is representing Siddiqui, could not be reached for comment Friday.
John Bankhead, spokesman for the Georgia Bureau of Investigation, said Friday that investigators were trying to determine a motive.
When the investigation started in April, officials found that Siddiqui had recently been looking at driver's license files, which were no longer part of his responsibility, Goldberg said.
Since the breach was uncovered, the GTA has changed its policies on employee access to information, Goldberg said. GTA employees also are required to sign a form promising not to disclose or misuse any information they have access to through their jobs.
[an error occurred while processing this directive]