I think the expression is – “the road to hell is paved with good intentions”.
I got wind of this data breach event from the IS Alliance.
As reported by WFTV Orlando – Social security numbers for 250,000 people were posted online by mistake, and a state agency is facing serious questions about why it was so careless with the information.
The Agency for Workforce Innovation accidentally posted the sensitive information for people looking for work. All those numbers were left online for at least 19 days. Potential victims do not even know it yet. When thousands of Floridians went to a career center, their personal information was forwarded to the state. Then, by mistake, that information ended up on a state website visible to anyone with Internet access. Local jobseekers’ identities have been compromised. Names, social security numbers, and employment information of more than 250,000 people who sought state help was accidently posted online. The Washington D.C. based Liberty Coalition spotted the error. “This is obviously a case of gross negligence,” said a spokesman for the Liberty Coalition. The Florida Agency for Workforce Innovation made the mistake in October when setting up a computer server. Somehow information that should have been kept private became public, available by an online search. It has since been taken down. The security breach affects people who went to a career service center between 2002 and 2007; even the identities of some their children were posted online. The Florida Agency for Workforce Innovation says it will send out a letter to all the people affected by the breach.
Although it’s convenient to yell negligence, it seems to me that some folks thought they were helping job seekers by posting their information online. If you’re looking for work – the more exposure you get is better. Unfortunately, the problem with posting PII (personally identifiable information), is where to draw the line and how to appropriately control unauthorized disclosure. Name, phone number and the kind of job a person is seeking makes sense (and is publicly available anyway in all kinds of other online channels), but social security number, and other data on the family is crossing the privacy line.
For the original article see: Agency Accidentally Posts 250,000 S.S. Numbers Online