Computer breach gives prison staff access to employee information


Deb McKee

Officials at a Wabash Valley prison confirmed Friday that an internal computer security breach allowed prison staff access to Social Security numbers and other identifying information of employees for an unknown period of time.

Rich Larsen, public information officer for the Wabash Valley Correctional Facility in Carlisle, said a database containing Social Security numbers, dates of birth and names of people employed at the facility between 1997 and 2002 was unintentionally moved "from a secure private drive that was accessible only by the human resources department to a shared directory that could be accessed by other employees here."

The database was not accessible by the general public, Larsen added.

There have been no complaints or reports of identity theft because of the breach, Larsen said, but as a precaution, officials sent letters to the staff members, current and former, whose information was included in the database.

"Although we consider the possibility of identity theft as a result of the breach to be minor, we recommend [employees] should have a fraud alert put on their credit files, and that is free of charge" Larsen said.

In the letters, administrators provided contact information to the credit bureaus.

Larsen said officials are not sure how long the database was accessible.

"We are estimating the length of the breach to be as short as a week to up to nine months" he said.

As soon as officials were notified of the problem, the sensitive information was immediately moved back to a secure location, Larsen said.

main page ATTRITION feedback