A Maryland Department of Human Resources employee was placed on administrative leave after posting the Social Security numbers and other personal information of nearly 3,000 clients of a state agency on a third-party website, a spokeswoman for the agency said.
There's no evidence that the information was used for identity theft, said DHR spokeswoman Nancy Lineman, but DHR, which provides benefits such as food stamps and other aid, will offer affected clients a year of credit monitoring. They will receive a letter that was mailed Monday with further details about the data breach.
Under state law, businesses that expose the data of Maryland residents must inform them in writing, but governments are not required to do so, Lineman said. The employee is on administrative leave during the investigation of this incident and could face disciplinary action, she said.
The breach was discovered by staff of the Liberty Coalition, a nonprofit that promotes individual freedoms, including privacy. The group's privacy director, Aaron Titus, said the information was posted from April 27 to July 14. They tried to notify DHR officials July 9, he said, but were not successful until July 12. The data was taken down Wednesday, Lineman said.
"We take the privacy of the data that's entrusted to us very seriously," she said.
Titus said he was pleased that the government was offering credit monitoring, but he recommended that all affected clients contact credit reporting agencies to place a security freeze on their credit to prevent misuse of their data. Identity theft victims may do this for free, but state law prohibits residents from being charged more than $5.
DHR clients can enter their names at http://www.nationalidwatch.org/, a Liberty Coalition website, to see if they were among those affected.
www.baltimoresun.com