Confidential data revealed on Encinitas' Web site

July 13, 2007

By Adam Kaye, Staff Writer

http://www.nctimes.com/articles/2007/07/13/news/coastal/3_22_297_12_07.txt



Credit card or checking account information and addresses for nearly 1,200 people who had enrolled in Encinitas' youth recreation programs was inadvertently posted on the city's Web site, officials said Thursday.

The data was in a public folder on the site for about three months before someone noticed the error, said Jace Schwarm, a risk manager for the city of Encinitas. She said the information was removed from the Web on June 26, immediately after the problem was reported.

While the data was online, no one from outside the city opened the folder that contained the files, Schwarm said.

The error occurred when a city worker scanned waiver forms for the youth programs and posted the digitized documents on the Web instead of the city's internal database.

In addition to confidential financial information, the waivers contained the names, ages and addresses of children participating in the programs in 2001, 2002 and 2003, she said.

All told, nearly 4,000 waivers were posted -- almost 1,200 of them with financial information -- from March 20 until the error was discovered.

As required by state law, the city mailed notices to everyone whose financial information was compromised, officials said.

The notice encourages recipients to review their accounts for suspicious activity and to contact authorities if they find any.

The notice also includes telephone numbers and Internet addresses of credit reporting agencies that recipients can contact to place "fraud alerts" on their accounts.

Such alerts offer consumers protection against an identity thief opening new accounts, said Beth Givens of the Privacy Rights Clearinghouse. To open a new account, the thief would also need the victim's Social Security number, she said.

Even without the financial data, the posting of names and addresses -- especially those of children -- is cause for concern, Givens said.

"Let's say the mother is a battered spouse and is in hiding, or if the parent is a cop," she said. "For a variety of reasons, there are lots of individuals who need to keep their home addresses private."

Schwarm said the breach has prompted reminders throughout City Hall about the handling of documents.

"We absolutely have taken steps," she said. "We have notified all the departments when scanning any kind of documents to beware of confidential data."

A city phone line dedicated to fielding inquiries about the breach has received about 25 calls, Schwarm said. That number is (760) 633-2788.


main page ATTRITION feedback