More than 4,600 Floridians' personal data accidentally posted

October 11, 2006

By Eve Samples, Palm Beach Post Staff Writer

Florida's Labor Department unwittingly posted the names and Social Security numbers of more than 4,600 of its clients on the Internet last month, only to discover the error when a Fort Walton Beach man Googled his own name, an agency spokesman said Tuesday.

Since the information was not linked to any Web site, the Agency for Workforce Innovation, as the department is known, reported that it has no reason to believe anyone else accessed it.

But as a precaution it sent out letters last week to the 4,624 individuals, all of whom had enrolled for services with one of the 24 regional workforce boards across the state, spokesman Warren May said.

"Given the fact that we were trusted with this information, we're very apologetic that it happened," May said.

The letter included details about how to prevent identity theft as well as contact information for the three major credit-monitoring firms so residents could request fraud alerts.

"We also told them that, although we have no reason to believe that anyone has seen their Social Security number, we also believe they should take precautions," May said.

In Palm Beach County, the breach affected 121 people obtaining job-seeking assistance or other help from the local board, Workforce Alliance.

To the north, 137 people in the four-county area covered by the Workforce Development Board of the Treasure Coast were involved, said Deborah Davis, the board's One-Stop system manager.

"If any customers come into our center that have received the letter, we're reassuring them that their information was not compromised, and we're also giving them a number to call," Davis said.

So far, no one has contacted the local office about the breach, she said.

The names and Social Security numbers made it online around Sept. 1, when a workforce agency staffer in Tallahassee was uploading information to a "test server" and accidentally included the confidential data, May said.

Since it was on a test server, it was not linked to any Web site, but it could be found through a search engine such as Google.

No addresses or other personal information were included, May said.

The data was in cyberspace for about 18 days before the Fort Walton Beach resident contacted the agency, which swiftly removed it from the Internet.

The agency also asked Google to take down the pages from its cache.

Internally, the Agency for Workforce Innovation has added a new layer of review to its Web-posting routine to make sure the mistake doesn't happen again, May said.

So far, the department has received about 20 or 25 calls requesting clarification about how to check credit reports.

"People have been very understanding," May said.

The incident is the latest in a string of data breaches this year, including the Veterans Affairs Department's revelation in May that it lost data on 25.5 million veterans.

The San Diego-based group Privacy Rights Clearinghouse reports that about 94 million data records on U.S. residents have been exposed since February 2005.

main page ATTRITION feedback