The Baltimore Sun reports on a case of a government employee’s error — or deliberate insider abuse of data access privileges — leading to private data being published. “A state employee who posted the Social Security numbers of nearly 3,000 Maryland residents online for weeks has been fired, according to the Maryland Department of Human Resources.”
Aaron Titus, a Fort Washington resident who volunteers his time for the Liberty Coalition, a nonprofit privacy advocacy group, found the numbers through a Google search this month and reported them to the DHR.
The state worker had posted the personal information of nearly 3,000 clients of the human resources department onto a private website in April. The data had been stored in a folder marked “downloads” and was not protected by a password, encryption or a firewall. […]
DHR sent affected clients a letter to notify them of the breach. Victims were offered a free year of credit monitoring, but they must call an agency hot line before Oct. 29 to receive the benefit.
[A DHR spokeswoman] declined to identify the worker or his job earlier this week. None of the affected clients were aware of unauthorized financial activity.