Error puts employees' info online

April 03, 2004|by TARA REILLY

The Social Security numbers, names, birth dates and other private information of approximately 2,500 Washington County Board of Education employees accidentally were posted on the school system's Web site for up to 45 days recently, schools Public Information Officer Carol Mowen said Friday.

A school board employee mistakenly posted the information, titled "census data," on the Web site with other information used by insurance vendors interested in becoming the health or life insurance providers for the school system, Mowen said.

Mowen said the private information wasn't easily accessible because people surfing the school system's Web site would have had to type in certain search words to find it.


She said searching the site for the word "census" or any of the names of school system employees would have taken the surfer to the personal data.

"Luckily, it was only hit 23 times," Mowen said.

Twenty of those hits were by insurance vendors, she said.

She said she didn't know who made the other three hits, but said they also could have been insurance vendors.

The private information was put on the site in late January and stayed there until school system staff became aware of the posting about a week ago and removed it, Mowen said.

"It was an unfortunate mistake," Mowen said. "Measures have been taken to ensure that this type of accidental posting never happens again."

She said she could not elaborate on what those measures were because it was a personnel matter. She said employees who post information on the school system's Web site will be trained on what and what not to post.

The school system sent out a memo dated March 31 and titled "Potential Website Security Breach" to all employees who receive the School Board's insurance coverage notifying them of the mistake.

Mowen said employees weren't immediately notified of the posting because the school system wanted to investigate how many times the information was viewed. She said it took a couple of days to print the memo.

Social Security numbers, names, birth dates, hire dates, genders, residential ZIP codes, base salaries, titles and the types of insurance carried by the employees were posted on the site, according to the memo.

The memo stated that the school system had no evidence that any of the information was used for fraudulent purposes, but that employees may want to consider taking precautions to protect their credit.

Sgt. Paul Kifer, of the Hagerstown Police Department, said those with ill intentions can use the Social Security numbers of others to obtain credit cards and other lines of credit, leaving identity theft victims with bills and bad credit.

"That's the one number you do not want to get out," Kifer said.

He suggested that school board employees check their credit every six months for identity theft.

"If that has occurred, then they need to report it to the police department as quickly as possible," Kifer said.

He said that people often don't know they've been the victim of identity theft until they try to apply for credit.

School board employees may want to call the Federal Trade Commission at 1-877-ID-THEFT or log on to for more information, which includes phone numbers and addresses of credit bureaus, Kifer said.

He said it usually takes between 18 months and two years for victims to resolve problems resulting from identity theft.

"It's a long, drawn-out hard thing to do and track," Kifer said. "For the consumer, it's a nightmare."

The Herald-Mail Articles