|
|
 Government
Websites Cross Jurisdictions To Serve Your Data Worldwide
David Bloys -
News For Public
Officials
November 4., 2006
Law enforcement agencies have
warned you to carefully control who you give your private information
to, but everyday, local and state agencies breach their jurisdictional
control to deliver the same data to anyone, anywhere in the world.
State and local government
agencies have been collecting your personal information (sometimes
without your knowledge or consent), and making the data available to
foreign agents and criminals thousands of miles outside the agency's
controlling authority.
This is your personal information; your name, address,
Social
Security number, credit card number, driver's license number, medical
history, signature, and more.
The following table of data breaches by government Websites
lists some of the cases that have made national and local headlines; and
some that haven't hit the headlines YET. This page is updated quite frequently and the list continues to grow.
|
Franklin County Ohio
County Web Site
Helped Thieves Steal Identities of Victims in Five States
Police in Worthington
Ohio say hundreds of people in five states are the latest victims of
identity theft that has resulted from county officials publishing
sensitive information about citizens over the Internet. They've
asked the U.S. Secret Service to investigate the link between the
county Web site and online identity theft. |
|
Travis
County Texas
Collectible Memorabilia and Products
Redaction Failed - Sensitive Records Back Online
Six months ago, Texas
Travis County Clerk Dana DeBeauvoir removed the County's huge collection of
documents from the Internet at the request of citizens' concerned about
the County revealing individual
citizens' personal data.
Last week DeBeauvoir put thousands of citizens at risk when she
put the records online and exposed the failure of her six month long
redaction efforts.
Source: News for Public
Officials |
|
Monmouth County, NY
Judge orders removal of deeds from Web
James F.
Norton III filed suit in the Chancery Division of Monmouth County Superior
Court, arguing that publication of his Social Security number would expose him
to financial identity theft.
Source: Asbury Park Press
|
Grand
Prairie, Texas
City Posted sensitive
employee info on Web site
The city posted city employee's private
information, including Social Security numbers, on the city's
website for over a year.
“It was a mistake, you know, on our part
to tell you the truth,” said Amy Sprinkles with the City of Grand
Prairie. “We just didn’t catch it.”
Source:
BOB GREENE / WFAA-TV |
|
Vermont
Governor Furious After State
Publishes Doctors' Private Information Online
December 8,
2006
-- At least several hundred,
likely more, Social Security numbers of health care providers were
posted to the Internet in a state contractor's mistake.
News for Public Officials |
|
All Florida Counties
Fla.
residents' data exposure a statewide issue
The Social Security numbers, driver's license information and bank
account details belonging to potentially millions of current and
former residents of Florida are available to anyone on the Internet
because sensitive information has not been redacted from public
records being posted on county Websites.
Although questions about the availability of personal data online
initially focused on Broward County, an official there stressed
today that all counties in Florida are subject to the same state
law. A spot check of other county Web sites today confirmed that
sensitive data is easily available through public property records.
Included in the documents publicly available are dates of birth
and Social Security numbers of minors, images of signatures,
passport numbers, green-card details and bank account information.
Source:
Computer
World |
|
Rowan County, NC
County
Register Exposes Constituents In Defiance of County Board
Rowan County, North Carolina, Democratic incumbent Bobbie
Earnhardt, who is seeking her fourth term as Registrar of
Deeds, is publishing the Social Security numbers belonging to
thousands of her constituents in spite of protests by citizens and
county officials.
In October, 2005 the County Board voted to shut down
the Rowan County Register of Deeds' Website until further notice. Earnhardt
has stubbornly refused to comply with the boards decision. Anyone who
has ever bought property in Rowan County is at risk...
Read Candidates
Duel Over Online Records
Sources:
Salisbury
Post
FindMyID.com
News for
Public Officials
Dan
Patterson - GoRowan.com |
|
Vermont
Health providers' Social
Security numbers posted on state site
Human Resources Commissioner Linda McIntire
said the names and Social Security numbers of doctors, psychologists
and others were posted on a Web site where the state had posted a
request for bids by contractors to be the state's health insurance
administrator. At least several hundred, likely more, were exposed.
Source: WCAX-TV News |
|
Mecklenburg County, NC
County
Website Puts Police at Risk
Police officers
say Mecklenburg County's Website may put them in danger, and the
department wants the county to remove their documents.
Charlotte-Mecklenburg Police Chief Darrel Stephens said that in one
case, a police officer received a veiled threat.
Police believe the person got information about the officer from
county real estate records. The Website places every citizen of the
County who has reason to keep their sensitive information private at
risk.
Source:
The Charlotte Observer |
|
Cabarrus County, NC
Judges
Social Security numbers found on County Website
Jan Forster, a public records expert and paralegal with FindMyID.com has found the Social Security numbers of almost every
judge in Cabarrus County in documents published on the County
Website. Only one judge has escaped Register of Deeds Linda McAbee's
zest for publishing constituent's records outside her jurisdiction.
The security breach is not limited to judges. Anyone who has owned
property in Cabarrus County since 1983 is at risk.
Source:
Find My Id Blog |
|
Suffolk County Clerk's Office, New York
Over
7,000 homeowners' Social Security numbers posted on website
The Suffolk county clerk's office has exposed the Social Security
numbers of thousands of homeowners on its Web site, and officials
said they don't have a way to remove them. And soon, a new plan will
make it easier to retrieve them.
Mortgages and deeds that contain Social Security numbers for an
estimated 7,000 to 8,000 individuals have been "scanned" and posted
on the county clerk's Web site.
Robert Clifford, a spokesman for the Suffolk district attorney's
office, said identity theft is a big problem for his office and he
was surprised the numbers are available on a county Web site.
"It's not only disheartening, it's crazy," he said.
Source:
NewsDay |
|
Cumberland County, PA
Cumberland County discovers employee Social
Security numbers on county website
Cumberland County officials did a quick computer two-step
yesterday after learning the Social Security numbers of some of
their 1,200 employees were on the county Website. The information
likely had been on the site for years. The Social Security numbers
were included in minutes from salary board meetings dating from 1999
and earlier.
Sources:
The
Patriot-News
Attrition.org |
|
Tuscarawas County, OH
Tuscarawas County Voters Social Security Numbers Exposed
Potentially hundreds or thousands of Social Security numbers
belonging to Tuscarawas County voters are available to Lexis Nexus
subscribers located in 100 countries. Copley News Service confirmed
that Social Security numbers of some, but not all, Tuscarawas County
voters could be obtained.
Source:
TimesReporter.com |
|
Denton
County, TX Signatures and driver’s license numbers used to
steal home
Police in Frisco, Texas reported the fraud as a new twist on
identity theft where criminals used a a signature and driver’s
license number to file a fraudulent deed with the Denton County Clerk's
office.
News for Public Officials researcher Lisa Ramsey found the
victim’s driver’s license number and several copies of her signature
on the Denton County Clerk’s subscription Website. Thousands of
Denton County residents are similarly exposed.
Sources:
WFAA -TV
Dallas/Ft Worth
News For
Public Officials |
|
Fort Bend County,
TX
Meet the Stalker's
In March, 2005 Fort Bend County, Texas topped Smart
Money's
Meet the Stalker's List after reporters found Tom Delay's Social
Security number prominently displayed on the County Clerk Dianne
Wilson's Website.
Subsequent reports by the
Fort
Bend Herald and News for Public Officials revealed that the
Website displays Social Security Number's, driver's license numbers,
medical information, and credit card numbers belonging to hundred's
of thousands of past and present citizens.
Additionally, the Fort Bend County Clerk sells the data in
bulk to outside companies for a fraction of what the county
charges its own citizens.
In 2006, Fort Bend County officials refused open records requests for
access to an
independent audit that may have implicated some elected
officials in federal privacy violations involving medical
information published on the county website.
Sources:
Smart
Money
Fort Bend
Herald
News for
Public Officials |
|
Hamilton County, OH
Identity thieves confess: everything they needed was on
County Website
Kevin Moehring pled guilty in July of 2002 to using the Hamilton County
Website to steal the identity of Jim Moehring, general manager at U.S. Bank
Arena in Cincinnati...
In March of 2006, Hamilton County’s Website problems resurfaced in a big
way. Federal authorities revealed that they had busted up an identity theft
ring in southwest Ohio. According to published reports, Social
Security numbers and other information gleaned from the Hamilton County
government Website were allegedly used to steal nearly $500,000.
Sources:
New York Times
Middletown
Journal
Cincinnati Post |
|
Suffolk County, NY
County Clerk victim of identity theft
“I am a victim of identity theft. Just recently my social security number
was stolen”, Suffolk County legislator Edward Romaine said from his
Riverhead office. Romaine wants to call attention to -- and seek changes in
-- the county's Website and its practice of making very personal data a
matter of public record.
Source: WCBS-TV New York
|
|
Unnamed Government
Website in Maryland
Political Opponents Steal
Lt. Governor’s Identity
Sometime around July 2005, Democratic Senatorial Campaign Committee
research director Katie Barge, and/or her deputy, Lauren B. Weiner,
discovered Steele’s Social Security number on some court records. Video
obtained by WBAL-TV Baltimore indicates the court document bearing
Steele’s Social Security number was found on a government website.
Sources:
Washington Post
WBAL-TV
Baltimore |
|
State of Utah
Children’s Identities Breached By State Website
Attorney General Mark Shurtleff announced on July 15, 2005 that five people
had been charged---and hundreds more may be charged----with stealing and
forging social security numbers belonging to children. Investigators checked
Utah state records and found that approximately 1,800 social security
numbers, belonging to children under of 13, may have been compromised by
state's websites.
Source:
Utah Attorney
General Press Release, July 15, 2005 |
|
Chicago Board of
Elections
Elections Board Website exposed private
information belonging to voters
For at least the last six years, the Chicago Board of Elections'
Website has exposed the Social Security numbers and birth dates of
more than 1 million registered voters to anyone with a
computer.
The breach was discovered by the
Illinois Ballot Integrity Project, a not-for-profit, non-partisan
civic organization dedicated
to informing and
educating the public, media and government officials about important
election-integrity issues.
Sources:
Illinois
Ballot Integrity Project
WLS ABC-7
News for
Public Officials |
|
Denton County (TX) and City of Port Orange (FL)
Deputies in Texas, Police in Florida provided
access to "secure" Website used by law enforcement
According to a complaint filed by the U.S. attorney's office
for the Southern District of Florida in Miami. five men ranging in
age from nineteen to twenty four are accused of scamming their way
into databases used by law enforcement.
Sources:
Court
Records, Southern District of Florida
Washington
Post |
|
Berks County, PA
Sheriff's Website exposed 25,000 Social Security
Numbers
Names, addresses, Social Security numbers and other information
of some of 25,000 gun-permit holders exposed on County Website. An
employee of a California software firm spotted the Website, realized
it was confidential and notified the sheriff. Along with the Social
Security Numbers, he site contained names, addresses, and
other personal information.
Source:
TMCNET.com
ATTRITION.org |
|
Allegheny County, PA
100 Judges demand their information be removed
from County Website
When
Judges In Allegheny County, Pennsylvania found their home
addresses and other sensitive information on the Alleghany Website
they demanded the county remove their information immediately. Over
100 judges signed the petition citing the recent murder of a Federal
Judge's family in their Chicago home. The County complied but
refused similar requests from local police and citizens.
Source:
Pittsburgh Post-Gazette |
|
City of Savannah, GA
Red Light
Camera's exposed more than just photos on City's Website
The photos, names, dates of birth, addresses and sometimes Social
Security numbers of 8800 recipients of red light camera tickets in
Savannah Georgia were published on the Internet when the city's web
server failed to implement the most basic security measures.
Source:
News for
Public Officials
thenewspaper.com |
|
Maricopa County, AZ
First County To Go Online Becomes Highest In
Nation For Identity Theft
In 1997, Arizona’s Maricopa County became the first government
entity in the nation to post public records online. Maricopa now
claims the highest rate of identity theft in the nation, and local
IT officials say the two statistics are
inextricably linked."
Just before Christmas,2005 while Maricopa County Officials were
denying that criminals were using the County Website, a
23-year-old methamphetamine user was showing
Scottsdale officers
exactly how he used the County Recorder’s Website to steal
identities.
Sources:
New York
Times
Computer
World
CIO Magazine |
|
Florida Department of
Management Services
Personnel data for state
employees wound up in India
On March 16, 2006 Convergys and the
Florida Department of Management Services admitted that personnel
data for state employees wound up in India.
The sensitive data of 100,000 state workers may have
been compromised. The state
has
filed a lawsuit against Convergys asking for 5 million dollars in
damages.
Department of
Management Services Secretary Tom Lewis
told the
Florida Senate Governmental Oversight and Productivity Committee:
"The use of offshore services was inappropriate and unacceptable."
Source:
Tallahassee Democrat |
|
Multiple Counties in Florida
Signatures and Notary Seals copied from County Website
Law enforcement officials say deed forgery is particularly rampant
in South Florida, and especially in Miami-Dade County.
"All it takes is a trip to the store, the County Website and then
the clerk or county recorder's office", said Dennis Haber, president
of the Attorneys Real Estate Council.
Source:
NEWS-PRESS.COM
|
|
Mississippi Secretary of
State
Identity details found on state site
Until July 2006, the Mississippi Secretary of State's Website was
a potential gold mine for would-be identity thieves anywhere in the
world.
More than 2 million documents - thousands containing individuals'
Social Security numbers - called Uniform Commercial Code filings had
been available for public perusal.
After calls from concerned residents, privacy advocates and The
Clarion-Ledger, the secretary of state's office disabled links to
the documents.
Sources:
B.J. Ostergren,
The Virginia Watchdog
The Clarion Ledger
|
|
Virginia
Bureau of Insurance
State Website Exposed 202,000 Social
Security Numbers
In an advisory dated August 8th, 2006, Ken Schrad, Director of Virginia's
Division of Information Resources announced that the State's Bureau of
Insurance Website published the Social Security numbers of every insurance
agent licensed in the state. |
|
King County (Washington)
Social Security numbers for "thousands" posted to
county website
King County Elections has posted the Social Security numbers for
potentially thousands of current and former county residents,
according to County Council member Reagan Dunn.
"Within forty-five minutes, my staff was able to retrieve online
documents with the Social Security numbers of numerous local elected
officials and other high-profile individuals," Dunn said. "If we had
a criminal agenda, these people would be victims of identity-theft
by now."
Source:
Seattle Post-Intelligencer |
| United States General
Accounting Office
GAO pulls archived personal data from Web
The Government Accountability Office has
pulled from its Website personal information on certain government
employees after discovering that the archived data had been
inadvertently posted online. GAO said the data came from audit
reports on Defense Department travel vouchers from the 1970s and
included some service members’ names, Social Security numbers and
addresses. GAO estimates that fewer than 1,000 people were impacted.
David Walker, head of the GAO and comptroller
of the U.S., ordered the agency to remove the data and directed
officials to contact the Pentagon and other affected organizations
and urge them to purge similar files.
Source:
Government Computer News |
| United States Department
of Education "Limited number" of 6.4
million borrowers have information exposed on student loan Website
The department said that only a "limited number'' of the
program's 6.4 million borrowers were believed to be affected after
the problem began Sunday, since not all use the online system. It
did not specify how many.
The program involves holders of federal direct student loans, not
those who have loans managed through private companies.
Source:
Associated Press
The Boston Globe |
|
.gif){kind=small}
