The names and Social Security numbers of about 4,000 employees of the Indiana Department of Transportation were inadvertently posted on an internal network computer drive, the agency said Friday.
In a letter sent to the workers Friday, INDOT Commissioner Karl Browning said the file was available to any employee with computer access and could have been viewed by a limited number of third-party contractors with access to the drive. The file was posted on the drive sometime between Sept. 6 and Dec. 4 last year.
"The file was removed from all computer systems and our Information Technology staff is performing an extensive search of all other hard drives for any lists containing this type of information," Browning said in the letter.
The letter asked employees to contact an agency official if they knew of electronic or print files containing personal information that was not secured.
It also said employees should "consider taking steps to "protect yourself by contacting one of the three major credit bureaus and placing a fraud alert on your credit file." Fraud alerts require creditors to contact a person before opening any new accounts or exchanging existing accounts.
The three credit bureaus cited in the letter were Equifax, Experian and TransUnion.
The letter said INDOT was sending the names and addresses of the affected employees to all three credit bureaus informing them of the situation.
INDOT spokesman Andy Dietrick said the agency learned of the problem from an employee who was using the computer system. He said the agency had not received any complaints from employees as of early Friday afternoon but that the letters had just gone out that day.
"I'm sure the commissioner will hear from some employees," he said.
Browning said in his letter that he sincerely regretted the problem.
"Please be assured that all appropriate steps are being taken to prevent any further security lapses involving your personal information," he said.