BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Man finds city workers' personal info in tossed files

From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 17 Jul 2013 11:45:38 -0500
http://www.wbaltv.com/news/maryland/i-team/man-finds-city-workers-personal-info-in-tossed-files/-/10640252/21000568/-/j4qng0/-/index.html

Many people go to great lengths to protect their sensitive personal
information, and most probably assume their employer is watching out
for them, too, but that wasn't the case for thousands of city workers
who were part of a large-scale privacy breach.

A man who didn't want to be identified told the 11 News I-Team he was
driving by a city training and safety office on Druid Park Drive in
northwest Baltimore when he saw a huge pile of furniture and other
items that had been put out for trash. He said he thought he could use
a cardboard box that was part of the pile for filing.

"When I got it home, that's when I noticed. I was dumbfounded. It was
incredible. I couldn't believe it," the man told I-Team reporter Barry
Simms.

Inside the box there were confidential records for thousands of
current and former Baltimore City employees, from firefighters to
sanitation workers, and all their vital information was there,
including their Social Security numbers, birth dates, driver's license
information and more.

"I just thought, if nothing else, these people need some type of
protection. They at least need to know they're being exposed," the man
told Simms.

Jeff Deinlein is one of those current employees. Simms found him on
his day off and showed him the paperwork.

"It has my name, and it looks like my driver's license number, my
Social Security number -- the full number – and date of birth and an
old supervisor," he said after looking at it.

Carl Sedler retired from the city in 1994 after getting injured on the
job five years earlier. Simms also showed him paperwork that was
found.

"That's my Social Security number. If you've got it, who else has got
it?" Sedler questioned.

The records appear to be training logs dated from 1989-1991, Simms
reported, and the information belongs to people who would now be in
their mid-40s or older.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: